The Meta organization has begun to address a number of vulnerabilities in WhatsApp that expose sensitive user information. These vulnerabilities indicate that, even when platforms are encrypted, they can inadvertently reveal critical device details.
The vulnerabilities are caused by the messaging service’s multi-device architecture, which allows subtle implementation differences to reveal whether the user is using an Android or an iOS device, while still maintaining end-to-end encryption for message content.
According to security researchers, this type of capability, which helps identify or identify operating systems by their fingerprints, is of particular value to advanced threat actors. These actors often choose WhatsApp-with its more than three billion active users per month-as their preferred channel for delivering advanced spyware to their customers.
It was discovered that attackers are able to exploit zero-day flaws that allow them to passively query WhatsApp servers for cryptographical session details without being able to interact with the victim, using variations in key identifiers, such as Signed Pre-Keys and One-Time Pre-Keys, in order to determine the target platform.
By utilizing this intelligence, adversaries can tailor exploits to the specific needs of their victims, deploying A
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: