Inside the New WhatsApp Buffer Overflow Vulnerability

Facebook’s WhatsApp mobile app has had a rough time lately with regard to software vulnerabilities. In November 2019, the social media company quietly issued a security patch for a buffer overflow vulnerability contained in their messaging application.

However, the vulnerability disclosed in November 2019 is not the only recent vulnerability discovered and patched in the secure messaging application. Earlier in 2019, another buffer overflow vulnerability was discovered and patched by the company. Both of these vulnerabilities are rated as “severe” because an attacker exploiting them can run malicious code on the target device.

To make things worse, the vulnerabilities in WhatsApp can be exploited by an unauthenticated attacker. These vulnerabilities were discovered in functions that process data sent by another WhatsApp user to the target. By taking a simple action – initiating a WhatsApp call or sending an MP4 video to the target – an attacker can trigger the vulnerability, giving them control over the device. These vulnerabilities can then be exploited to place spyware on the victim’s device and to view the user’s messaging history within the app.

A Brief History of WhatsApp Security

The recent WhatsApp vulnerability is not the first buffer overflow contained within the mobile app. In May 2019, a different buffer overflow vulnerability was discovered in how WhatsApp processed the data contained within an incoming call.

This vulnerability was created because WhatsApp uses a special binary format for sending data between devices and then unpacks this data at the recipient device. If an attacker sent a specially formatted packet, which lied about the length of a certain field, the recipient’s WhatsApp would unpack the data into a place on the stack that did not have sufficient space for it. As a result, the attacker would have the ability to write to memory that should have been outside of their control. This vulnerability was concerning since it allowed remote code execution on a target device without any user interaction required. The malicious packet was sent as part of initiating a call, so, even if the user rejected the call, the damage was already done.

This past WhatsApp vulnerability has been the source of significant controversy. While Facebook was in the process of patching the vulnerability, they observed someone trying to exploit it on the device of a UK-based human rights lawyer. Additional investigation pointed to the use of the vulnerability to spy upon individuals who would be of interest to certain governments.

The Israel-based NSO Group is well known for developing and selling exploits to governments for use in surveillance activities that fall outside the scope of law enforcement activities. This, and the fact that the observed attack used infrastructure previously linked to the NSO Group, has led Facebook to believe that the company was behind the exploitation of the WhatsApp vulnerability. As a result, Facebook has begun a lawsuit against the NSO Group for exploitation of a vulnerability in one of their products.

The Newest WhatsApp Vulnerability

The buffer overflow vulnerability disclosed in May was not the last such vulnerability in the WhatsApp platform. In November 2019, Facebook patched another vulnerability in WhatsApp that was similar in scope, severity, and potential impact.

This vulnerability dealt with how WhatsApp handled MP4 video files. Along with a video file comes a stream of metadata containing details about the file. When parsing this metadata, WhatsApp is vulnerable to a stack-based buffer overflow attack. This would allow the attacker to perform a Denial of Service attack (crashing the app) or to run attacker-controlled code in the app, which could give access to the user’s previous conversations in the app. Exploitation of the vulnerability only requires an attacker to know the phone number of the victim and to send them a malicious MP4 video via WhatsApp.
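Both the call-setup flaw and the MP4 metadata flaw described above come down to a parser trusting a length supplied by the sender. The following is an added illustration, not WhatsApp's code: the wire layout, function names and sample packets are hypothetical, and it contrasts the unchecked copy with a version that validates the declared length first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32 /* capacity of the receiver's fixed-size buffer */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Hypothetical wire layout: [tag:1][declared_len:2, big-endian][value...] */

/* VULNERABLE pattern, shown for contrast and never called: the sender's
 * declared length alone decides how many bytes land in a stack buffer. */
int parse_field_unsafe(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t value[FIELD_MAX];
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    (void)pkt_len;                     /* bytes actually received: ignored */
    memcpy(value, pkt + 3, declared);  /* writes past value[] if declared > 32 */
    return value[0];
}

/* Hardened form: the declared length must fit both the bytes that really
 * arrived and the destination buffer before anything is copied. */
int parse_field_checked(const uint8_t *pkt, size_t pkt_len,
                        uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (pkt_len < 3) return PARSE_TRUNCATED;             /* header incomplete */
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    if (declared > pkt_len - 3) return PARSE_TRUNCATED;  /* length field lies */
    if (declared > out_cap) return PARSE_TOO_LONG;       /* will not fit */
    memcpy(out, pkt + 3, declared);
    *out_len = declared;
    return PARSE_OK;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t honest[] = { 0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t lying[]  = { 0x01, 0x04, 0x00, 'A', 'A', 'A', 'A' }; /* claims 1024 */
static uint8_t oversized[3 + 40] = { 0x01, 0x00, 40 }; /* consistent, but > FIELD_MAX */

/* Runs sample n through the checked parser; returns status, sets *len. */
int run_sample(int n, size_t *len)
{
    uint8_t value[FIELD_MAX];
    *len = 0;
    if (n == 0) return parse_field_checked(honest, sizeof honest, value, sizeof value, len);
    if (n == 1) return parse_field_checked(lying, sizeof lying, value, sizeof value, len);
    return parse_field_checked(oversized, sizeof oversized, value, sizeof value, len);
}

int main(void)
{
    size_t len;
    for (int n = 0; n < 3; n++) {
        int status = run_sample(n, &len);
        printf("sample %d: status=%d copied=%zu\n", n, status, len);
    }
    return 0;
}
```

The two rejections are distinct checks: one compares the declared length with the bytes actually received, the other with the destination's capacity, and a parser needs both.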

Luckily, while the new vulnerability had the potential to be at least as damaging as the previous buffer overflow flaw, it appears that this one was not being actively exploited by attackers prior to being patched by Facebook. However, this demonstrates the importance of keeping such applications up-to-date (so that Facebook-provided security patches are applied) and of considering the risks associated with using these applications for personal communications.

Protecting Against Buffer Overflow Vulnerabilities

Buffer overflow vulnerabilities are nothing new. They are extremely simple vulnerabilities – only involving a failure to properly manage memory and user input – yet they can be extremely difficult to detect. A wide range of buffer overflow vulnerabilities exist, and sometimes apparently “safe” code can be vulnerable since another vulnerability can be exploited to bypass existing protections against buffer overflows.

The two major WhatsApp vulnerabilities disclosed and patched in 2019 demonstrate the potential impact of a buffer overflow vulnerability in a critical application. Both of these vulnerabilities could be exploited without user interaction, and enabled an attacker to run malicious code within the victim application. In one case, the vulnerability was exploited multiple times to spy upon parties of interest to various governments, leading to a lawsuit by Facebook against the suspected perpetrator.

Protecting against buffer overflow vulnerabilities requires the ability to identify and block potential exploits before they reach a vulnerable application. Deploying a strong web application firewall (WAF) to protect an organization’s web presence and runtime application self-protection (RASP) for critical or potentially vulnerable assets is an important first step toward protecting an organization and its software assets against exploitation.

Student @ Advanced Digital Sciences Center, Singapore. Travelled to 30+ countries, passion for basketball.

How does Technology Affect the Working Environment?

Throughout history, machines and technology have changed the way that we work across nearly every industry. From the industrial era, all the way through to the modern age, it would seem that technology has improved working conditions significantly. The impact that it has had is immense. Some of the main changes can be found below.

Speed and Efficiency

Workers in this day and age are far more productive than they have ever been. The impact that technology has had on work, both in communication and manufacturing, has increased the rate of production and the speed at which business can occur. Tech in the workplace has also helped workers to become far more efficient. What once took hours can now take minutes. Messages can be sent to clients across the world and proposals and payments can also be transferred instantly. Support for workers can also be found online. For example, personal injury claim legal help can be obtained online and you can file a claim within minutes.

Working Together as One

Team coordination really has never been easier. When you look at online communication tools and technology you will soon see that people can now work together much more closely. Collaboration is also much simpler to achieve. Even when colleagues are not able to be in the same workplace physically, teams can hold meetings through video technology. They are also able to work on the same documents through file-sharing platforms such as Google Drive and this is fantastic to say the least.

Technology and Office Culture

Everyone knows that tech in the workplace is changing. Beer is available on tap in some workplaces and others are offering video games as a means for their team to relax at the end of a hard day. Open offices are also a trend. The mere idea of creating a better company culture can now be used to lure workers who are in-demand and this doesn’t look to be going away anytime soon. Technology in the workplace has also made it much more possible to work remotely. Companies need to create incentives to try and keep their workers happy and to also keep them drawn into the office.

Live where You Work

One of the biggest impacts of tech in the workplace is the workplace itself. Most jobs require you to clock in and work on-site but there really are so many open positions for those who telecommute, and people can now work from home more than ever before. Of course, with so many changes being made it’s not hard to see that so much is being done to try and help support this movement and some companies have even put in the effort to try and make sure that they give their teams the chance to work from home permanently. Only time will tell what the future holds, but right now it looks like tech has had a huge impact on the workplace and the effects are going to be felt for years to come.

Quotes To Get Your Boss To Take Cyber Security Seriously

There is no denying that data security is something that all businesses need to take seriously today. Unfortunately, there are many companies out there who are failing to do so. This is because they have the “it won’t happen to me” attitude. However, many companies have closed after a data breach. Therefore, to save the future of your business and your job, try to convince your boss with these quotes…

We are going to start with a quote from the founder and CEO of Blue Lava, Inc, Demitrios ‘Laz’ Lazarikos, who talks about implementing a modern program on cyber risk. From privileged access management services to network segregation, we need to stay ahead of the times with our strategy.

“A modern cybersecurity program must have Board and Executive level visibility, funding, and support. The modern cybersecurity program also includes reporting on multiple topics: understanding how threats impact revenues and the company brand, sales enablement, brand protection, IP protection, and understanding cyber risk.”

If your boss thinks he or she is above the law, William Malik, VP and Research Area Director for Information Security at Gartner has a great quote on the matter…

“A business will have good security if its corporate culture is correct. That depends on one thing: tone at the top. There will be no grassroots effort to overwhelm corporate neglect.”

Chairman of the Ponemon Institute, Dr. Larry Ponemon, has spoken about insider attacks. Insider attacks – whether malicious or accidental – are the most common. However, they’re not being taken as seriously as they should…

“We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever.”

While some business owners do implement cyber security controls, there seems to be a lack of thought behind the strategy that is implemented, and this is what Dr. Chris Pierson, CEO at Binary Sun Cyber Risk Advisors has said on the matter…

“What we should actually be doing is thinking about what are our key controls that will mitigate the risks. How do we have those funneled and controlled through the team that we have, how do we work through that in a well-formatted, formulated process and pay attention to those controls we have chosen? Not a continual, add more, add more, add more.”

One of the biggest problems with data security is that a lot of business owners believe it is nothing more than an IT issue. Steven Chabinsky, Global Chair of Data, Privacy & Cybersecurity at White & Case LLP, has put this into perspective…

“Thinking of cybersecurity solely as an IT issue is like believing that a company’s entire workforce, from the CEO down, is just one big HR issue.”

So there you have it: some of the most compelling quotes out there regarding cyber security today. We hope these will help you to convince your boss that it’s critical!

Get The Most Out Of Your Phone With These Tips

Most of us live with a smartphone or other device attached to our arm. Technology is such a big part of our lives these days and smartphones in particular continue to thrive and grow in popularity as time goes by.

But are you truly making the most of your smartphone? Today we are going to take a look at smartphones and the tools you can use to truly get the most use out of it.

1. Documents in one place

One of the greatest things about having a mobile phone is that you always have it with you. If you work in an office environment and often need access to files and documents on the go, be sure to use Google Drive and OneDrive. These cloud based services allow you to create, edit, and share word documents and spreadsheets wherever you are. It will make your life so much easier and your working days much more productive.

2. Shazam

Not the popular superhero, but the app. If you want to really make the most of your phone, download this magical app. If you are ever listening to a song on the radio or on TV, you can turn the app on and it will tell you exactly what it is.

3. Stay safe

Have you ever wondered what would happen if you lost your phone? Well, if you did lose your phone you might not be able to get it back because the person who finds it won’t know who you are. But, what if there’s an easy way to remedy this? By putting your phone number on your lock screen, anyone who finds your phone will be able to contact you and get it back to you safely.

4. Use Accuweather

There is nothing worse than going outside without a coat on and suffering in the rain. As well as the small losses like this, you want to avoid going outside while storms such as Storm Dennis are around, and Accuweather will send you alerts meaning that you will always know what’s going on outside.

5. Get the best data deal

There’s no point having an amazing smartphone that can do countless things online if you don’t have a great data plan. Use a company like Honest Mobile to get yourself unlimited data and this will mean you never worry about losing data.

6. Stay in the loop

Although often the news is pretty boring, it is still important for you to know what’s going on in the world so you can make decisions. One of the best tips we have is getting a news app on your phone that will send out Breaking News alerts to you when they happen.

7. Use Mail Drop

Our mobile phones are amazing little gadgets and they almost run like a mini computer, but there is one thing a mobile phone isn’t the best with: files. If you are looking to email a file to someone and it is too large, if you have an iPhone you can use a service called Mail Drop. This will essentially create an iCloud link to the file that is valid for 30 days so that the other party can access the file.

8. Control your PC from your phone

If you are ever out of the house and notice that you have left an important file on your computer that you need at work, don’t get in the car and go home. There is a handy tool you can use to control your computer from where you are and send yourself any files you need. TeamViewer is a remote computer control app that will allow you to use your computer from your phone.

9. Customise your keyboard

Have you ever noticed that the autocorrect function of your phone is a bit out there and funky? Instead of constantly ending up with random words in your sentences like flamingo or umbrella, you can customise your own keyboard and it will learn your patterns of speech. Download a third party keyboard and use this and it will make your life much easier.

10. Conserve your power

Due to the high processing power and heavy use of mobile phones it is no surprise that we often end up draining the battery before lunch time. But there is a simple function on your phone that can reduce this risk. In your settings, there should be a power option and a low battery mode. Turn this on and it will prevent any unnecessary background processes happening while your phone is idle or in use.

11. Make it charge faster

To follow on from the point above, what happens when you need to charge your phone in a short space of time? Turn on airplane mode and it will shut down background processes and allow the phone to charge much quicker.

12. Find your friends

If you have family members or friends that you need to track for meeting up or getting home for dinner, Find my Friends is the ideal app to use. It allows you to see where people are at all times so if your other half is stuck in traffic you can slow down dinner until they get home!

13. FLASH….AHHHH

If you have a habit of ignoring the notifications and alerts that pop up on your screen you might often find yourself forgetting about important appointments or reminders. To ensure that you always notice when an alert comes on the screen you can set your phone to flash. Never miss another important alert again!

14. Hard reboot

This tip is one that is known to most of us, but it is an important one to remember if you want to get the most out of your phone. If your mobile phone freezes or it seems to have a serious issue, make sure to reboot the system. We’ve all heard the old adage of turning it off and on again, and honestly, this is often the solution for you. If there is an issue, perform a hard reboot and your phone should be good as new.

15. Get rid of memory clog

As we use our mobile phones throughout our daily lives it is understandable that sometimes our memory gets clogged up with photos, videos, music and apps. However, after a while RAM will fill up so much that it will slow down the performance of the phone. Be sure that you can prevent this happening by getting rid of RAM. Clear out apps you don’t use and put your photos onto a computer or hard drive.

16. Enjoy a good workout

Did you know that there are many free apps out there that will show you workouts you can do at home? Why pay for an expensive gym membership when you can use a free app and workout in your living room instead? There are tonnes of great options such as yoga, pilates, HIIT and more. Take a look and see which ones suit you.

17. Learn to cook

If you are useless in the kitchen and you always feel as if you burn water, use your phone to help you learn. Stand your phone up and get some YouTube tutorials on the go to teach you simple skills in the kitchen. There are many helpful YouTube channels for cooking, including Binging With Babish and SortedFood.

18. Find your way home

If you have an Android phone you are in luck, and you’ll be able to find your home wherever you are. Head to Google Maps and create a shortcut that will take you home from wherever. It means you will not have to type in your address every time you want to head home from somewhere unfamiliar.

19. Fall asleep easy

If you are the kind of person who needs some background music when they are trying to fall asleep you are not alone. But instead of keeping a TV and then waking up in the middle of the night to switch it off, you can use your phone to lull you to sleep with your own music. The stopwatch app in iPhone allows you to set a ‘stop playing’ timer that will stop all music playing after a certain period.

20. Taking weird angle photos

We all know the real struggle of getting the perfect selfie, and this is made 10 times harder when you are trying to feel around for the little touchscreen button to snap your shot. If you are taking a photo at a weird angle and your finger can’t reach this button, did you know you can use the volume buttons instead? It’s much easier to do and you’ll likely get a less shaky photo as a result.

There are so many things that our phones can do and they truly do change the way we live our lives. Take these little tips and tricks away with you to make the most of your pocket computer this year and impress your friends.
