September 8, 2015 weblog
WhatsApp speeds patch, wins Check Point praise for response
Earlier this year, WhatsApp released its web-based service, making it accessible both on the phone and computer. WhatsApp Web was designed as the computer-based extension of the WhatsApp account; as a web-based extension it mirrors messages sent and received, so users can see messages on both devices.
Trouble in message paradise: Check Point discovered a vulnerability that could be used to deliver malware. WhatsApp was alerted to the problem at the end of last month and immediately issued a patch, said the BBC on Tuesday. Check Point had discovered that, with the vulnerability, all an attacker would need to target someone is the phone number associated with the account.
The BBC also reported that the vulnerability affects only the web-based version of the service.
The exploit was identified by Check Point security researcher Kasif Dekel. Attackers could trick victims into executing malware on their machines. What's the trick? The attacker sends a WhatsApp user a 'vCard' contact card that carries malicious code. Once opened in WhatsApp Web, the executable file in the card can do its mischief, distributing malware, including ransomware (which demands victims pay a fee to regain access to their files), bots, and remote access tools (RATs), according to TechWeekEurope UK.
Oded Vanunu, security research group manager at Check Point, blogged: "WhatsApp Web allows users to view any type of media or attachment that can be sent or viewed by the mobile platform/application. This includes images, videos, audio files, locations and contact cards. The vulnerability lies in improper filtering of contact cards, sent utilizing the popular 'vCard' format."
When WhatsApp was alerted to the problem at the end of last month, it immediately issued a patch, said the BBC.
"Check Point shared its discovery to WhatsApp on August 21, 2015. On August 27, WhatsApp rolled out the initial fix (in all versions greater than 0.1.4481) and blocked that particular feature," said Vanunu, referring to the vulnerability.
"Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client," he added. "We applaud WhatsApp for such proper responses, and wish more vendors would handle security issues in this professional manner. Software vendors and service providers should be secured and act in accordance with security best practices."
Earlier this month it was announced that WhatsApp now had 900 million monthly active users. According to The Jerusalem Post, "Check Point estimated that at least 200 million people use the WhatsApp Web interface."
Vanunu blogged, "At least 200M are estimated to use the WhatsApp Web interface, considering publicly available web traffic statistics."
© 2015 Tech Xplore