Profile picture
Elliot Alderson
@fs0c131y
, 11 tweets, 6 min read Read on Twitter
Yesterday, @CheckPointSW published this excellent report about a new malware called "Agent Smith". When I read it something hit me, @WhatsApp is vulnerable to the 2 years old Janus vulnerability! This is huge, WHAT ARE YOU DOING AT WHATSAPP? 1/n research.checkpoint.com/agent-smith-a-…
The Janus vulnerability is a super cool vulnerability found by @Guardsquare. It gives the possibility to the attacker to modify an APK and keep the original signature. You can consider that as the Holy Graal 2/n guardsquare.com/en/blog/new-an…
Two conditions for this attack to be successful:
- The victim's Android version should be between 5.1.1 and 8.0
- Vulnerable application has been signed with APK signature scheme v1

3/n
One exception: If the application has been signed with mixed APK signature schemes (v1 and/or v2 and/or v3), devices with Android 7.0 and newer are not affected 4/n
The smart people at @WhatsApp signed the app with mixed APK signature schemes. They still use the signature scheme v1... As a consequence, WhatsApp is vulnerable to the Janus vulnerability for Android 5.1.1 to Android 6.0.

5/n
According to the latest Distribution dashboard made by @Google 28,4% of the Android devices has Android 5.1.1 or Android 6.0. Did you realize how many devices are vulnerable WhatsApp team?! What are you waiting? 6/n
To test it, I took an old device with Android 6.0 and added the log "fs0c131y was here" in AppShell. Now every time, I'm starting WhatsApp, I'm seeing my log.

It can be worst than that... 7/n
As seen in the "Agent Smith" malware, the attacker can switch your application to multidex and so add as much code as he want.

Your app will be signed correctly, in apparence this is the app made by WhatsApp but inside the code is totally different 8/n
This kind of behavior is irresponsable, they put in danger the privacy of hundred of thousands. As we saw with the "Agent Smith" this is used by bad actors...

My rant is finished.
I spoke a lot about WhatsApp here but a lot of apps are vulnerable: all the @reliancejio apps, @Truecaller, @Xender_App, @SwiftKey, ...
Hey @WhatsApp maybe you should ask to @WeChat how to mitigate it 😏
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Elliot Alderson
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @fs0c131y see all

Profile picture
Elliot Alderson
@fs0c131y
Thanks to the @ScrapyProject spider I made, everybody is now able to get the latest @TheBitfi sources: github.com/fs0c131y/Bitfi…
The latest version of the @TheBitfi sources is available on @Github. This repo will be automatically updated every day. github.com/fs0c131y/Bitfi…
I love facts. For the moment there is, intentionally?, no versioning. We will version their code and see what happens.

cc @KhesinDaniel @cybergibbons
Read 4 tweets
Profile picture
Elliot Alderson
@fs0c131y
Hi @TheBitfi,

I would like to analyse the source code of your Android app and your firmware, is it possible for you to send me the source code?

Regards,
cc @KhesinDaniel
if needed my email address is fs0c131y[at]protonmail[.]com
Read 3 tweets
Profile picture
Elliot Alderson
@fs0c131y
Achievement unlocked: My engineer school is following me on Twitter.

Welcome to my feed @INP_ENSEEIHT 👋
I would laugh so much if you add the Elliot Alderson avatar in the brochure "They studied at Enseeiht and now they have cool jobs. Join us!"
*engineering school (Apparently, I need to go back to school 😁)
Read 3 tweets

Related threads

Profile picture
Andrew Kimmel
@andrewkimmel
1/ It has been exactly one year since I lost my dad. The events that led up to his death are dark, but I think it is important to share what and why it happened as Let me start by introducing my dad...
2/ He was a hard-working, honorable, loving, thoughtful human being. He served several years in the US Army as a medic, but was luckily never sent to Vietnam. He built his career in clothing manufacturing - something his father & mother had done before him.
3/ My dad was always the life of the party. He would travel regularly to Asia and the Middle East and would always come back with gifts and stories. He was my biggest supporter and we spoke nearly every day about politics, work, and life. Family meant EVERYTHING to him.
Read 22 tweets
Profile picture
Filomena Rocha
@Filomen03258997
5. Israel's regime is the biggest threat to peace in the world
#Zionists #ApartheidIsrael #Apartheid #IsraelCrimes #PalestinianGenocide #WorldConspiracy #IsraeliCrimes #israeliterrorism #IsraelZionism #DeepState #DeepStateCorruption #IsraelInterferenceInUSPolicy #IsraelLobbyGroup
By @MuhammadSmiry
Am I allowed to be outraged by this, or does that make me "antisemitic" ?

- Video of a Palestinian child being assaulted by Israeli police this morning.
By @syedakif17

Isreali goons dressed in uniforms violating basic human rights of Palestinians 24/7.

Constitution of Israel is based on Talmud where Goyims have no rights.

If a Zionist kill anyone, he's not to be punished, he's owns gentiles.
Read 217 tweets
Profile picture
Charles Lister
@Charles_Lister
Gut wrenching.

This young girl was killed today in #Assad regime shelling of Khan Sheikhoun, #Idlib. Her father could only hold her feet as she was carried away.

#Idlib might as well be Mars for 99.9% of the world these days.

The world is a cruel place. #Syria
Very important data from @ACLEDINFO, detailing the "disproportionate" scale of pro-#Assad violations of the demilitarized/de-escalation zone in #Syria's #Idlib/NW.

Moreover, regime shelling in Feb 2019 was x4 the previous monthly average.
@ACLEDINFO In a meeting with opposition fighters, #Turkey ordered #NLF factions to retaliate to #Assad regime shelling in #Idlib.

#Ankara also warned #Moscow & #Tehran that it'd withdraw from #Astana if attacks continued.

turkey-breaking.com/%d8%aa%d8%b1%d…
Read 27 tweets
Profile picture
Bellingcat
@bellingcat
Yesterday we published a long thread detailing our new investigation unmasking a GRU agent. Today, let's do one on @kooleksiy's new investigation on our site detailing Ukraine's Azov movement's efforts to co-opt American white supremacists and extremists.
bellingcat.com/news/uk-and-eu…
This story starts from an FBI report that detailed how members of the U.S. neo-Nazi group Rise Above Movement (RAM), based in California, had contacts in Ukraine. RAM members were charged in the U.S. for violence in Charlottesville during the Unite the Right rally there.
Olena Semenyaka, mentioned in this FBI report, is a central figure in this investigation. She works with Azov as their "International Secretary of the National Corps". She's well-known in European neo-Nazi circles, and will be speaking at a far-right conference in Finland.
Read 37 tweets
Profile picture
Matthew Green
@matthew_d_green
New vulnerabilities in many PGP and S/MIME enabled email clients. Allows exfiltration of plaintext by mauling HTML emails. A few thoughts. efail.de
In a nutshell, if I intercept an encrypted email sent to you, I can modify that email into a new encrypted email that contains custom HTML. In many GUI email clients, this HTML can exfiltrate the plaintext to a remote server. Ouch. 2/
It’s an extremely cool attack and kind of a masterpiece in exploiting bad crypto, combined with a whole lot of sloppiness on the part of mail client developers. 3/
Read 16 tweets
Profile picture
G. Elliott Morris📈🤷‍♂️
@gelliottmorris
New #PA Congressional map is pretty much the best one Democrats could have hoped for. At least 2 pickups in neutral environment, likely ability to win 11 in current D+6 environment. Post coming
PA redraw creates map that is almost entirely drawn from scratch. Huge shifts from 2016 plan all over the place. Dems favored to win 9 seats there in almost any national environment.
(big swings mostly from renumbering, but aggregate differences are clear)
Read 11 tweets

Trending hashtags

#MBS #Israeli #Balkans #IsraeliCrimes #JF #Moscow #HumanRights #MORE #IntellectualPropertyTheft #Philanthropy #US #TSK #PalestinianGenocide #CONSPIRACY #ClintonBodyCount #Rome #NEW #NakbaDay #CarteretNJ #Iran #HRC #Tehran #Palladism #Apple #Aleppo
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!