Social networks are currently among the most widely used digital tools in the world, given their importance for communicating and bringing users closer to family and friends. Whether through a photograph or a text post, social networks have helped create digital communities like no other platform before them.
However, because they are hosted on the Internet and need a stable connection, there are always risks to the security of the people who use them, whether from cybercriminals who hack into an account or from an error in the apps' privacy protocol.
An example of this is what Check Point Research (CPR), a company specialized in the detection and analysis of cyber threats, discovered in WhatsApp. The most important messaging app in the world, with more than 2 billion registered users on its platform, reportedly had an “out-of-bounds read and write vulnerability” in its software.
“The vulnerability was related to the functionality of the WhatsApp image filter and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter and later sent it with the filter applied back to the attacker”, explained CPR, in a document detailing its investigation.
Thus, according to the company's analysis, the flaw arises specifically when a user tries to apply several layers of filters to images in GIF format from WhatsApp's native editor, which causes the app to crash momentarily. An attacker can take advantage of this window to send malicious code to a user using nothing more than a photograph edited with filters.
“An image filter is a process by which the pixels in the original image are modified to achieve some visual effects (e.g. blur, sharpen, etc.). This makes filters a very promising candidate to cause a crash, as there are many calculations in the image file during the filter application, which involves reading image content, manipulating pixel values, and writing data to a new target image”, CPR adds.
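The bounds validation a filter routine needs before it reads source pixels and writes the target image, as an added C example. This is not WhatsApp's or Check Point's code: the `image_t` descriptor and the functions `image_fits`, `apply_brighten` and `check_cases` are hypothetical names, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical image descriptor for this example (not WhatsApp's structure). */
typedef struct {
    uint8_t *data;
    size_t   len;            /* bytes actually allocated for data */
    uint32_t width, height;  /* taken from the untrusted file header */
    uint32_t bpp;            /* bytes per pixel claimed by the header */
} image_t;

/* Computes width*height*bpp with overflow checks; returns 1 only if it fits in len. */
static int image_fits(const image_t *img, size_t *need) {
    if (!img || !img->data || !img->width || !img->height || !img->bpp) return 0;
    if (img->width > SIZE_MAX / img->bpp) return 0;
    size_t row = (size_t)img->width * img->bpp;
    if (img->height > SIZE_MAX / row) return 0;
    *need = row * img->height;
    return *need <= img->len;
}

/* Brighten filter: read each source byte, adjust, clamp, write to the target.
   Returns 0 on success, -1 if either buffer cannot hold the claimed geometry. */
int apply_brighten(const image_t *src, image_t *dst, int delta) {
    size_t need_src, need_dst;
    if (!image_fits(src, &need_src) || !image_fits(dst, &need_dst)) return -1;
    if (src->width != dst->width || src->height != dst->height || src->bpp != dst->bpp) return -1;
    for (size_t i = 0; i < need_src; i++) {
        int v = src->data[i] + delta;
        dst->data[i] = (uint8_t)(v < 0 ? 0 : (v > 255 ? 255 : v));
    }
    return 0;
}

/* Constructed cases: returns 0 if all behave as expected, else the failing case number. */
int check_cases(void) {
    uint8_t in[16], out[16] = {0}, big[64] = {0};
    for (int i = 0; i < 16; i++) in[i] = (uint8_t)(i * 17);  /* 0, 17, ..., 255 */
    image_t src    = { in,  sizeof in,  2, 2, 4 };  /* 2x2, 4 bytes/pixel: consistent */
    image_t dst    = { out, sizeof out, 2, 2, 4 };
    image_t lie    = { in,  sizeof in,  4, 4, 4 };  /* header claims 64 bytes, 16 present */
    image_t bigdst = { big, sizeof big, 4, 4, 4 };
    image_t small  = { out, 8,          2, 2, 4 };  /* target too small for 2x2x4 */
    if (apply_brighten(&src, &dst, 10) != 0 || out[0] != 10 || out[15] != 255) return 1;
    if (apply_brighten(&lie, &bigdst, 10) != -1) return 2;  /* would be an out-of-bounds read */
    if (apply_brighten(&src, &small, 10) != -1) return 3;   /* would be an out-of-bounds write */
    return 0;
}
```

Both rejections happen before the pixel loop runs, so a header that overstates the image size never reaches the read or write path.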
Likewise, they indicated that upon learning of the problem they immediately notified WhatsApp, which decided to take action to fix what the company itself called an “out-of-bounds read and write” error, designated CVE-2020-1910.
“We regularly work with security researchers to improve the many ways WhatsApp protects people’s messages, and we appreciate the work Check Point does to investigate every corner of our app. People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure,” said WhatsApp through an official statement.
For its part, CPR expressed appreciation for the attention WhatsApp paid to the report and for the use of its findings to make the user experience on the platform more secure.
“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, which was helpful in issuing a solution. The result of our collective efforts is a more secure WhatsApp for users around the world,” said Oded Vanunu, Head of Product Vulnerability Research at Check Point.
It should be remembered that, according to experts, WhatsApp is a platform that receives about 55 billion texts daily, in addition to about 4.5 billion photos and close to one billion videos. Of course, this means that any failure in the system could put millions of people on the planet at risk; although fortunately this was not the case.
“WhatsApp confirmed that they saw no evidence of abuse related to this vulnerability”, CPR concluded, to the relief of the hundreds of millions of users who use this social network.