WhatsApp was affected by a security vulnerability that allowed attackers to access users’ private data through the application’s memory.
According to the cybersecurity firm Check Point Research (CPR), WhatsApp was affected by a vulnerability that, if exploited, allowed attackers to access the most sensitive information of users stored in the memory of the application and even bypass end-to-end encryption.
Although WhatsApp has already fixed the vulnerability. However, according to the security company, it was quite complex to exploit so the risk to users has been minimal.
The exploit required a series of complex steps to execute in addition to requiring extensive user interaction for attackers to access the data. If all the steps were executed correctly, confidential information could be read from the WhatsApp memory.
The gap was located in WhatsApp’s image filter feature. This process modifies the pixels in the original image to achieve certain visual effects, such as blurring or sharpening. In the course of the research, CPR found that switching between different filters in the generated GIFs did cause WhatsApp to crash, generating a memory alteration — leaving the door open for an attacker to access the information stored within it.
For the attacker to have access, he had to send an image treated with the filters that caused the problem to trigger the failure and the application to crash and cause the alteration. Something relatively simple, especially in an application that, according to CPR, sends more than 55,000 million messages a day, in addition to sharing 4,500 million photos and 1,000 million videos daily.
“The vulnerability related to the WhatsApp image filter functionality and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker.”
CPR immediately alerted WhatsApp, which detailed the vulnerability as CVE-2020-1910, explaining that it was a read and write failure. The vulnerability was addressed by WhatsApp, recommending users to “keep their apps and operating systems up to date, to download updates whenever they’re available, to report suspicious messages, and to reach out to us if they experience issues using WhatsApp.”