WhatsApp is the epitome of a true powerhouse. It has over 2 billion users, and more join the platform every day. It is a source of income for many businesses, including resellers and any other line of work that depends on people communicating through messages. With this much exposure given to WhatsApp, it goes without saying that users' data should be kept safe.
However, earlier this year, WhatsApp users on iPhone were alerted to a one-click attack risk. An alleged “sharp rise” in WhatsApp security flaws across 2019 has even led to some reports of political staffers being advised to switch to a competing secure messenger, Signal.
It is common knowledge that no app is immune to vulnerabilities. After all, it is just software handling billions of people's data at once. What matters is that vulnerabilities are dealt with. We should welcome the new security that WhatsApp has launched with open arms. It is not only about the transparency WhatsApp provides us, but also about how quickly the flaws are fixed. In my view, WhatsApp wins on both counts.
“We conduct internal security reviews and rely on automated detection systems to identify and fix potential issues proactively,” WhatsApp’s security blog stated. With this, they promise to provide us with more transparency, on WhatsApp as well as Facebook.
WhatsApp has recently listed six vulnerabilities in its 2020 updates on its own advisory site. Only one of these has been rated problematic: the one with a 2019 Common Vulnerabilities and Exposures (CVE) date. It is rated as problematic by the VulDB vulnerability database, while the remaining five are all rated critical.
The five critical WhatsApp vulnerabilities are listed as follows:
- CVE-2020-1886: This was a buffer overflow problem in the WhatsApp for Android app. In versions before v2.20.11, it could be triggered just by receiving and answering a malicious video call.
- CVE-2020-1889: This affected WhatsApp web before version v0.3.4932. It was a privilege escalation flaw and a threat to users when combined with a remote code execution vulnerability to escape the system security sandbox.
- CVE-2020-1890: Another Android app problem fell into WhatsApp’s lap. Unlike the previous one, this was triggered by a malicious sticker message. This could again lead to privilege escalation.
- CVE-2020-1891: One of the rare vulnerabilities present in both the Android and iOS apps. This time, it involved the video call handler. WhatsApp has kept this vulnerability pretty much under wraps. Confidentiality, integrity and availability could be impacted, and that is all that is known to the public.
- CVE-2020-1894: This was one of the biggest issues in the Android as well as the iOS apps. It could allow arbitrary code execution, which could be triggered by none other than the malicious push-to-talk button.
Now that we’ve been through the vulnerabilities of WhatsApp, it does reassure the user that WhatsApp is working on fixing them. Meanwhile, there are other messenger apps coming up, like Telegram. What if they have the same or similar vulnerabilities as well? Looks like we’ll have to wait for them to reveal it.