Previous Article Next Article WhatsApp Desktop bug enables hackers to change messages

WhatsApp Desktop bug enables hackers to change messages

WhatsApp Desktop bug enables hackers to change messages Posted on April 3, 2020Leave a comment

Facebook has released an official statement on the WhatsApp desktop security breach, which allows scripting attacks through the Web site and reading existing files on MacOS and Windows via a specific text message. In these attacks, the hacker can retrieve the contents of the files on the computer next to the WhatsApp text message and take other criminal actions.

The breach was discovered by a security researcher, Gal Wiseman of PerimeterX , and the result of a weak WhatsApp desktop implementation using an electronics software framework that has had security problems in the past. Electron allows developers to build multi-platform web applications and browser technologies, but its level of security depends on the components the developer uses in their app.

Wiseman first discovered the vulnerability of injecting scripts through the Web for the first time in six years; he found that he could create buggy preview banners for web links and hide URLs containing vulnerabilities inside WhatsApp messages by manipulating message metadata. Slow. While investigating these vulnerabilities, he found that he could inject JavaScript code into the converted messages on the WhatsApp desktop and then access the local file system with the help of the Fetch API JavaScript. Such a bug enables access to files on the victim's system, manipulating messages and transferring malware to the target system.

All of this was due to the vulnerable versions of WhatsApp Desktop, which was developed using an older version of Chrome browser engine (ie, Chrome 2). Fortunately, newer versions of the Chrome engine can detect malicious code.

READ  Google's two-step authentication bug app has compromised the information of millions of users

According to Facebook, this vulnerability exists for those users who have paired the WhatsApp Desktop 0.3.9309 or earlier with the WhatsApp iPhone version before 2.20.10. The company has also released newer versions of WhatsApp Desktop that use up-to-date browser components.


Leave a Reply

Your email address will not be published. Required fields are marked *