Filters on WhatsApp: a flaw (solved) puts the account at risk

WhatsApp: il caso Pegasus è una "sveglia" per internet thumbnail

Check Point Research (CPR) discovered a computer flaw in WhatsApp image filters, which made user data vulnerable. After notifying the messaging app company, the problem was resolved promptly.

Found flaw on WhatsApp filters

The vulnerability was in the code of WhatsApp’s image filters, which modify the pixels of the original image to achieve different visual effectsi, such as blur or sharpness. In analysis, CPR found that changing various filters on the GIFs created could far crashes WhatsApp. One of the crashes was a memory impairment. The team immediately reported to WhatsApp, which renamed the vulnerability CVE-2020-1910. An out-of-bounds read and write problem. A hacker could have applied specific filters to a specially created image and then sent it with the changes, crashing the app and then attacking it.

Oded Vanunu, Head of Products Vulnerabilities Research at Check Point said, With over two billion active users, WhatsApp can be an attractive target for attackers. Once the security vulnerability was discovered, we quickly reported our findings to WhatsApp, which was cooperative and collaborative in providing a fix. The result of our collective efforts is to ensure a safer WhatsApp for users around the world. “

For its part, WhatsApp responded with a statement, reassuring users about the possibility that this exploit was used. “People should have no doubt that end-to-end encryption continues to work as intended and that i messages remain safe and secure. This report involves more steps than a user should have done. AND we have no reason to believe they have been affected by this bug. “

However, the company is grateful to Check Point. “That said, even the more complex scenarios that researchers identify can help increase security for users. As with any tech product, we recommend keeping their apps and operating systems up to date. To download the available updates. To report suspicious messages and to contact us in case of problems with WhatsApp. “

Find more information on the flaw at this address.