Tal Be'ery – Medium

Tal Be'ery

Meta’s Data: Meta’s WhatsApp Fix for View Once and its Impact on Metadata

TL;DR: Following our discovery and disclosure of Meta’s WhatsApp View Once media privacy issue, WhatsApp has silently updated its Servers…

Dec 9, 2024

Meta’s Data: Meta’s WhatsApp Fix for View Once and its Impact on Metadata

Dec 9, 2024

Debugging Okta’s AWS SAML

A short write up on the actual debugging of Okta SAML for AWS.

Nov 10, 2024

Debugging Okta’s AWS SAML

Nov 10, 2024

I Know Which Device You Used Last Summer: Fingerprinting WhatsApp Users’ Devices

WhatsApp leaks user device setup (# of devices, mobile or not) and Operating System info (Android, iPhone / iOS, Windows, Mac)

Oct 15, 2024

I Know Which Device You Used Last Summer: Fingerprinting WhatsApp Users’ Devices

Oct 15, 2024

WhatsApp View Once Privacy Issue Initial Fix Assessment: The Good, the Bad and The Ugly

TL;DR: Following our recent discovery and disclosure of Meta’s WhatsApp View Once media privacy issue, WhatsApp have silently updated its…

Sep 16, 2024

WhatsApp View Once Privacy Issue Initial Fix Assessment: The Good, the Bad and The Ugly

Sep 16, 2024

Once and Forever: WhatsApp’s View Once Functionality is Broken

Meta’s WhatsApp suggests using “View once” media for privacy. We discovered attackers can and actually do bypass this limitation.

Sep 9, 2024

Once and Forever: WhatsApp’s View Once Functionality is Broken

Sep 9, 2024

Revealing the Inner Structure of AWS Session Tokens

TL;DR: A world first reverse engineering analysis of AWS Session Tokens. Prior to our research these tokens were a complete black box…

Jul 25, 2024

Revealing the Inner Structure of AWS Session Tokens

Jul 25, 2024

Hi Meta, WhatsApp with Integrity?

TL;DR: Meta’s WhatsApp suffers from an integrity issue that allows attackers to create an inconsistent world view on victims’ multi-device…

May 21, 2024

Hi Meta, WhatsApp with Integrity?

May 21, 2024

Published in
Zengo Wallet

Bad Randomness: Protecting Against Cryptography’s Perfect Crime

TL;DR: Black Hat Asia invited Zengo’s research team to present research on a critical but often overlooked vulnerability in cryptography…

May 8, 2024

Bad Randomness: Protecting Against Cryptography’s Perfect Crime

May 8, 2024

The Ambassador protocol: Multi-device E2EE with Privacy

TL;DR: In this blog we present the ambassador protocol, our new cryptographic solution to enable End-to-End Encryption (E2EE) in the…

Mar 3, 2024

The Ambassador protocol: Multi-device E2EE with Privacy

Mar 3, 2024

Unnecessary Evil: Multi-Device Instant Messaging can be private

TL;DR: Contrary to Meta’s WhatsApp claims, it is possible to have an Instant Messaging service with End-to-End Encryption (E2EE) in the…

Jan 21, 2024

Unnecessary Evil: Multi-Device Instant Messaging can be private

Jan 21, 2024

Tal Be'ery

Tal Be'ery

All things CyberSecurity. Security Research Manager. Co-Founder @ZenGo (KZen). Formerly, VP of Research @ Aorato acquired by @Microsoft ( MicrosoftATA)

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams