Saturday, 04 April, 2020
|
In Stepanakert:   +4 °C

Critical security flaw found in #WhatsApp desktop platform allowing cybercriminals read from the file system access

Critical security flaw found in #WhatsApp desktop platform allowing cybercriminals read from the file system access
680
Thursday, 06 February, 2020, 14:55

Back in 2017, while I was traveling in Peru, I found a security flaw that Check Point published a few months later. That flaw was simple. In the words of Check Point’s researchers in this article published in 2018, it allowed an attacker to “alter the text of someone else’s reply, essentially putting words in their mouth.”

It was cool, but back then I couldn’t come up with any idea of further exploiting the flaw or finding related flaws. So except for trolling my friends a couple of times in our group chat, I kind of let it go.

A year later, I decided to continue my research. I really wanted to find a major security flaw in a well-known and widely used service, and I felt like WhatsApp was a good start. So I gave it a go since I already had some clue of existing security flaws in WhatsApp mobile and web applications.