Facebook’s WhatsApp mobile app has had a rough time lately with regard to software vulnerabilities. In November 2019, the social media company quietly issued a security patch for a buffer overflow vulnerability contained in their messaging application.
However, the vulnerability disclosed in November 2019 is not the only recent vulnerability discovered and patched in the secure messaging application. Earlier in 2019, another buffer overflow vulnerability was discovered and patched by the company. Both of these vulnerabilities are rated as “severe” due to the fact that an attacker exploiting them can run malicious code on the target device.
To make things worse, the vulnerabilities in WhatsApp can be exploited by an unauthenticated attacker. These vulnerabilities were discovered in functions that process data sent by another WhatsApp user to the target. By taking a simple action – initiating a WhatsApp call or sending an MP4 video to the target – an attacker can trigger the vulnerability, giving them control over the device. These vulnerabilities can then be exploited to place spyware on the victim’s device and to view the user’s messaging history within the app.
A Brief History of WhatsApp Security
The recent WhatsApp vulnerability is not the first buffer overflow contained within the mobile app. In May 2019, a different buffer overflow vulnerability was discovered in how WhatsApp processed the data contained within an incoming call.
This vulnerability was created because WhatsApp uses a special binary format for sending data between devices and then unpacks this data at the recipient device. If an attacker sent a specially formatted packet, which lied about the length of a certain field, the recipient’s WhatsApp would unpack the data into a place on the stack that did not have sufficient space for it. As a result, the attacker would have the ability to write to memory that should have been outside of their control. This vulnerability was concerning since it allowed remote code execution on a target device without any user interaction required. The malicious packet was sent as part of initiating a call, so, even if the user rejected the call, the damage was already done.
This past WhatsApp vulnerability has been the source of significant controversy. While Facebook was in the process of patching the vulnerability, they observed someone trying to exploit it on the device of a UK-based human rights lawyer. Additional investigation pointed to the use of the vulnerability to spy upon individuals who would be of interest to certain governments.
The Israel-based NSO Group is well known for developing and selling exploits to governments for use in surveillance activities that fall outside the scope of law enforcement activities. This, and the fact that the observed attack used infrastructure previously linked to the NSO Group, has led Facebook to believe that the company was behind the exploitation of the WhatsApp vulnerability. As a result, Facebook has begun a lawsuit against the NSO Group for exploitation of a vulnerability in one of their products.
The Newest WhatsApp Vulnerability
The buffer overflow vulnerability disclosed in May was not the last such vulnerability in the WhatsApp platform. In November 2019, Facebook patched another vulnerability in WhatsApp that was similar in scope, severity, and potential impact.
This vulnerability dealt with how WhatsApp handled MP4 video files. Along with a video file comes a stream of metadata containing details about the file. When parsing this metadata, WhatsApp is vulnerable to a stack-based buffer overflow attack. This would allow the attacker to perform a Denial of Service attack (crashing the app) or to run attacker-controlled code on the app that could give access to previous conversations that the user has performed on the app. Exploitation of the vulnerability only requires an attacker to know the phone number of the victim and to send them a malicious MP4 video via WhatsApp.
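Both the call-packet flaw from May 2019 (a field that lied about its length) and the stack-based overflow in MP4 metadata parsing come down to copying sender-supplied data into a fixed-size buffer without checking its size first. The following is an added example, not WhatsApp's code: the two-byte length header, FIELD_MAX and all function names are assumptions made for illustration. It shows the unchecked copy beside a hardened parser that rejects inconsistent lengths.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32  /* fixed-size destination, like a stack buffer */
/* Constructed wire format (assumed): [2-byte big-endian length][payload] */

/* Unsafe pattern: the copy size comes straight from the sender's header. */
int unpack_unchecked(const uint8_t *pkt, size_t pkt_len, uint8_t *out)
{
    (void)pkt_len;                    /* received size is never consulted */
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    memcpy(out, pkt + 2, declared);   /* writes past out if declared > FIELD_MAX */
    return (int)declared;
}

/* Hardened form: returns the payload length, or -1 if the packet is rejected. */
int unpack_checked(const uint8_t *pkt, size_t pkt_len, uint8_t *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 2)
        return -1;                    /* no room for the length header */
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > pkt_len - 2)
        return -1;                    /* header claims more than was received */
    if (declared > FIELD_MAX)
        return -1;                    /* would not fit the destination buffer */
    memcpy(out, pkt + 2, declared);
    return (int)declared;
}

/* Build a constructed packet whose header says `declared` but which carries
 * `carried` payload bytes (at most 64), then parse it with the checked form. */
int run_sample(size_t declared, size_t carried)
{
    uint8_t pkt[2 + 64] = {0}, field[FIELD_MAX];
    if (carried > 64) return -1;
    pkt[0] = (uint8_t)(declared >> 8);
    pkt[1] = (uint8_t)(declared & 0xff);
    memset(pkt + 2, 'A', carried);
    return unpack_checked(pkt, 2 + carried, field);
}

int main(void)
{
    printf("honest 4-byte field:       %d\n", run_sample(4, 4));
    printf("declares 256, carries 4:   %d\n", run_sample(256, 4));
    printf("40 bytes into 32-byte buf: %d\n", run_sample(40, 40));
    return 0;
}
```

The two rejections are separate checks: one compares the declared length with what actually arrived, the other with what the destination can hold.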
Luckily, while the new vulnerability had the potential to be at least as damaging as the previous buffer overflow flaw, it appears that this one was not being actively exploited by attackers prior to being patched by Facebook. However, this demonstrates the importance of keeping such applications up-to-date (so that Facebook-provided security patches are applied) and of considering the risks associated with using these applications for personal communications.
Protecting Against Buffer Overflow Vulnerabilities
Buffer overflow vulnerabilities are nothing new. They are extremely simple vulnerabilities – only involving a failure to properly manage memory and user input – yet they can be extremely difficult to detect. A wide range of buffer overflow vulnerabilities exist, and sometimes apparently “safe” code can be vulnerable since another vulnerability can be exploited to bypass existing protections against buffer overflows.
The two major WhatsApp vulnerabilities disclosed and patched in 2019 demonstrate the potential impact of a buffer overflow vulnerability in a critical application. Both of these vulnerabilities could be exploited without user interaction, and enabled an attacker to run malicious code within the victim application. In one case, the vulnerability was exploited multiple times to spy upon parties of interest to various governments, leading to a lawsuit by Facebook against the suspected perpetrator.
Protecting against buffer overflow vulnerabilities requires the ability to identify and block potential exploits before they reach a vulnerable application. Deploying a strong web application firewall (WAF) to protect an organization’s web presence and runtime application self-protection (RASP) for critical or potentially vulnerable assets is an important first step toward protecting an organization and its software assets against exploitation.
How Will Roads Change As Logistics Become Automated?
There have been a lot of big developments to be found inside the automated vehicle space over the last few years. With countless car companies throwing their hats into the ring, it’s only a matter of time until cars that don’t need drivers are able to spend more time on the road. Of course, though, personal transport is only one side of this, and the automated driving scene is much more likely to impact logistics in the short-term. But how exactly will this change the way that transport companies operate, and how will the roads you use be impacted by changes like this?
Currently, many truck drivers have to push themselves to their limits to be able to get their work done. Long drives can easily be held up, but important deadlines can’t be missed without throwing off an entire schedule, and this leaves drivers having to miss sleep and drive long distances without breaks. A tacho card will usually be used to monitor this, making sure that drivers don’t break the law. Automated transport promises to solve problems like this, with digital machines never tiring and being able to work for days on end without having to take a break.
Many transport companies have to use the roads at the same time as normal drivers to make sure that they can make their deliveries without pushing drivers too hard. This sort of approach wouldn’t need to be taken with automated vehicles, instead giving transport operators the chance to choose the quietest times to have their machines on the road. Alongside this, route planning can be more dynamic, with plans being changed on the fly to make up for things like traffic issues. Of course, though, as a big part of this, normal drivers may experience some strange behavior from the automated trucks that they see, especially when they are first starting to hit the road.
While it may be something that changes in the future, transport companies are often more interested in systems that use convoys of trucks rather than simply sending trucks out on their own. This involves having a lead truck that is driven by a normal person, with several other trucks that tail safely behind it. This can make it much easier to have trucks follow specific routes without having to rely on GPS systems that can lose signal or be disrupted in other ways. Of course, though, many transport companies simply can’t afford technology like this, and it could be a few more years until these convoys start to be spotted when you’re out and about.
With all of this in mind, you should have a much better idea of how the automated logistics market is going to change roads over the next few years. The way that you drive will almost certainly change as time goes by, with more and more automated driving options becoming available all the time.
Matica’s CEO Sandro Camilleri speaks about security in digital payments
One thing is for sure: the COVID-19 pandemic accelerated many behaviors and trends that once were holding their pace. A great example can be found in digital payments and online shopping. According to Rakuten Intelligence, from March through mid-April, e-commerce spending in the United States increased more than 30% compared to the same period last year. When it comes to worldwide scores, it reaches the surprising increase of 74%.
Although books and cleaning products led the ranks mapped by Rakuten, specialists argue that digital payments and online shopping are here to stay, as much as it has already been observed in Asian countries. In this sense, securing financial transactions and protecting consumer data became a mandatory issue to be addressed both by companies and the government.
As a leading European company in the processing and printing of cards and identification documents for security systems, Matica Technologies is dedicated to granting safety and technological solutions to businesses dealing with financial transactions online. According to the CEO and founder of Matica, Sandro Camilleri, the advent of digital payments is a revolution similar to that which technology has caused and is currently causing in other areas, such as transports. “It is an inevitable revolution, which citizens will have to get used to, and which must therefore be managed in order not to risk unintended consequences, being the key issue obviously safety,” he argues.
Camilleri stresses that there are two different phases when it comes to digital payment security. A first one is about information and personal data storage, one of the greatest topics of our time and also a potentially enormous market sector. The second, less discussed though equally important, is guaranteeing strength and security for the financial transaction itself — and this is a purely technological issue. “The use of chips that are equipped with incredible memories, high precision lasers and holograms makes it extremely difficult, not to say impossible, for any attacker to clone a card produced by us. Secondly, the transaction must be secure thanks to specific and constantly updated software,” explains Matica’s CEO.
Now, when it comes to privacy, Camilleri states that people must be aware of what is at stake when data is leaked and why such occurrences are so alarming. With more and more appliances being automated and connected to computers and to the internet, such as is the case for cars and home security systems, cyberattacks could lead to consequences that are not only terrible, but tragic.
In such situations, Matica’s CEO believes that only biometric data could spare individuals from having their systems hacked, though this data must be filed with care and used only for strictly necessary purposes. In any case, Camilleri argues that using biometrics is becoming day by day more inevitable with the increasing rhythm of automation, and this is a feature that can already be found in some of Matica’s available systems, such as is the case of the passport series.
Are You Aware Of Your Children’s Online Activity?
There’s a big, wide, scary, often strange world out there, and it’s the task of any individual to grow into an adult and begin to contend with it. However, most responsible parents understand that showing the raw facts of life, or being introduced to bad influences is simply not suitable for a young child. They must learn slowly, with care, and appropriately to the degree we’re able to foster that environment. Parents cater to this by controlling what friends their children make, or what hours they may be allowed to spend time with them.
However, a growing cause for concern is the fact that many parents fail to keep their children safe online. The internet may as well be its own world, and it reflects our reality, both the good and the bad, the trustworthy and the terrible. This means that as a parent, it’s important to stay aware of your child’s online activity. If you can do that, you can better control the content they see, what they’re allowed to access, and the influences they are moved by.
Use Worthwhile Content Filters
It’s important to use the best content filters and parental controls you can. Some offer you access to limit internet time, while others help you block certain websites or content from being seen. With the best cyberbullying safety services, you can also ensure that your children are equipped to handle the unfortunate likelihood of encountering abuse online. The more you can engage in good habits now, and regulate their usage, the less likely they are to come to harm within the wild west that is the online world.
Understand The Trends
Understand the trends that occur and know how to deal with them. For instance, you might block access to certain apps or sites, but your child’s friend’s parents may not have the same philosophy. If you know the trends through paying attention to what they’re saying, you will be able to assess if they’re healthy or not. For instance, TikTok is now seen as a negative influence on many young children due to how poorly it moderates its content and how few content filters are in place. When you make decisions to help them stay secure, you are in effect limiting the vulnerable pathways in which they could become less safe.
It’s important to say, but stay alert. If you notice your child is finding it hard to engage with social media, or they follow a risky YouTuber, you are within your right to restrict access or to observe more closely. It’s a tough job, but ultimately you cannot completely banish your child from the internet for the entirety of their childhood. It’s best to help them build healthy habits now and also know how to stay safe online than to pretend it doesn’t exist. To that end, you’ll be making the right choices.
With this advice, we hope you can better stay aware of your children’s online activity, and manage it appropriately.