Social networks are currently one of the most used digital tools by people in the world, considering their importance in communicating and bringing users closer to their families or friends. Whether by means of a photograph or a text post, forNetworking has helped create digital communities unlike any before.
However, since they are hosted on the Internet, and need a stable connection, there are always risks to the security of the people who use them, either through cybercriminals hacking an account or a bug in the apps privacy protocol.
An example of this is what he discovered Check Point Research (CPR)WhatsApp, a company that specializes in detecting and analyzing cyber threats. The most important messaging app in the world, with more than 2 billion registered users on its platform, It would have had a “limited reading and writing vulnerability” in its software.
The vulnerability was related to the WhatsApp photo filter functionality and it was triggered When a user opened an attachment containing a malicious image file, then try to apply a filter and later send it with the filter applied back to the attacker,” CPR explained, in a document detailing their investigation.
You may be interested in: 8 Dangerous Apps You Should Remove From All Android Phones
Thus, according to the analysis conducted by the company, the failure stems precisely from the moment when the user tries to apply several layers of filters to the images, from the original WhatsApp editor, in GIF format, This causes the application program to crash for a moment. This time space is exploited by a hacker, who could ideally send code containing malware to a user, just using an image edited with filters.
“An image filter is a process by which the pixels in the original image are modified to achieve some visual effect (for example, blur, clarity, etc.). This makes the filters a very promising candidate for causing crashes as many calculations occur in a file image while applying the filter, Which involves reading the content of the image, processing pixel values, and writing the data to a new target image, Añade CPR.
Likewise, they noted that upon learning of the problem, WhatsApp was immediately notified, the company which decided to take action on the matter to try to fix what they themselves described as a bug in “Reading and writing is off limits,” which I call CVE-2020-1910.
“We regularly work with security researchers to improve the many ways WhatsApp protects people’s messages, and we appreciate the work Check Point does to investigate every corner of our app. People should have no doubt that end-to-end encryption continues to work as intended and that people’s messages remain safe and secure.WhatsApp said through an official statement.
For its part, CPR appreciated the attention given by WhatsApp and the use of its information for a safer user experience on the said platform.
“Once we discovered the vulnerability, we quickly reported our findings to WhatsApp, which were helpful in releasing a solution. As a result of our collective efforts, WhatsApp has become more secure for users all over the world.Said Oded Vanunu, Head of Product Vulnerabilities Research at Check Point.
It should be noted that according to experts, WhatsApp is a platform that receives about 55 billion texts per day, in addition to about 4.5 billion images and nearly one billion videos. Of course, this means that any system failure could put millions of people on this planet at risk; Although this was not fortunately.
WhatsApp confirmed that they see no evidence of abuse related to this vulnerability.CPR concluded, for the peace of mind of hundreds of millions of users who use this social network.