Android WhatsApp Bugs

Levan Rolle
Maryville_University_Cyber_Fusion_Center
2 min readApr 16, 2021

Vulnerability Details

What’s app was launched in November 2009 originally as an iOS application. After its population grew, they offered an Android version of the application in August 2010. Their popularity continued to grow and they were brought by Facebook in February 2014 for $19 billion. Today WhatsApp is reported to have over 2 billion monthly active users globally. Vulnerabilities for the Android version of WhatsApp were recently discovered and were found to give malicious actors the ability to execute malicious code remotely as well as exfiltrate sensitive information. This vulnerability works through a man-in-the-middle attack where malicious actors remotely collect cryptographic information from TLS sessions. Using this data malicious actors can gain access to any data stored in the device’s external storage area including WhatsApp data and others including Viber, Facebook Messenger, or mobile games.

Affected Systems

This vulnerability is currently known to affect Android systems that meet the following criteria;

· Running versions 9 and below

· Using the latest Version of WhatsApp

Remediation

Currently, the best way to remain insusceptible to this vulnerability is to upgrade all Android Operating systems from version 9 to version 10. Also, to not install version 2.21.8.4 of WhatsApp that was released on April 8th, 2021.

Upon request, the Maryville Cyber Fusion Center can perform a security audit, determining if you are vulnerable to this and suggest or assist with remediation if vulnerabilities exist. Please reach out to cyber@maryville.edu if you have any questions or concerns relating to this vulnerability.

References

Dean, B. (2021, March 2). WhatsApp 2021 User Statistics: How Many People Use WhatsApp?

Retrieved April 15, 2021, from https://backlinko.com/whatsapp-users

Iqbal, M. (2021, March 9). WhatsApp Revenue and Usage Statistics (2020). Retrieved April 15,

2021, from https://www.businessofapps.com/data/whatsapp-statistics/

Lakshmanan, R. (2021, April 14). New WhatsApp Bugs Could’ve Let Attackers Hack Your Phone

Remotely. Retrieved April 15, 2021, from https://thehackernews.com/2021/04/new-whatsapp-bug-couldve-let-attackers.html

Uptown. (2021, April 14). WhatsApp Messenger. Retrieved April 15, 2021, from

https://whatsapp-messenger.en.uptodown.com/android

--

--

Maryville_University_Cyber_Fusion_Center
Maryville_University_Cyber_Fusion_Center

Published in Maryville_University_Cyber_Fusion_Center

The Maryville University Cyber Fusion Center is a faculty-managed student-run organization offering services including vulnerability management, digital forensics, and threat monitoring, user awareness training, and more to numerous clients.

Levan Rolle
Levan Rolle