Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Tal Be'ery Profile picture
@TalBeerySec
Jan 17, 2024 8 tweets 3 min read Read on X
Scrolly
1/ A technical writeup on @Meta’s @WhatsApp privacy issue:
WA leaks victim devices’ end-to-end encryption (E2EE) identity information (mobile device + up to 4 linked devices) to any user, by design, even if blocked and not in contacts.
medium.com/@TalBeerySec/h…
2/ for example it can be applied on Hamas leaders (which obviously I did not have previous communication with)
3/ monitoring this device identity information over time allows potential attackers to gather actionable and valuable intelligence about their victim’s devices setup and changes to it (device replaced/ added / removed)
Image
Image
4/ This issue is not intrinsic to end-to-end encryption (E2EE) and stems from WhatsApp design choices to have "client fanout" and different keys for each device.
Sender is responsible for sending a different message to each of the recipient devices and thus must know them + keys Image
5/ I had reported to @Meta @WhatsApp and their response was that it works as designed.
They are right, but their design is wrong. Image
6/ I would expect WhatsApp to at least allow users to not expose such details to users that are not in their contact list (like they do with other features such as profile pic) Image
7/ currently nothing stops advanced cyber attackers, or even simple jealous ex-partner from spying on their victims and getting alerted about new devices they own and new opportunities to attack.
I hope @Meta @WhatsApp would reconsider and fix these issues. Image
8/ many thanks to my friends and family that helped with this research:
@t_tsafi @ace__pace @OphirHarpaz @LevAretz @yanivazaria @OmerShlomovits @GaryBenattar
And thank you @TechCrunch @lorenzofb for coverage techcrunch.com/2024/01/17/psa…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Tal Be'ery

Tal Be'ery Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @TalBeerySec

Tal Be'ery Profile picture
Jun 13
1/ I think I have the answer! (blogpost at the bottom of 🧵)
Original Q: How was @WhatsApp able to patch a client-side vulnerability of malicious PDF parsing from the server-side, although server is not exposed to PDF content due to End-to-End Encryption (#E2EE)?
2/ Short answer: @whatsapp is indeed using @signalapp E2EE protocol, but "cheating" and leaking some metadata from the client side.
But in this case "cheating" benefits the user.
CC: @jsrailton @billmarczak @matthew_d_green @mer__edith @moxie Image
3/ This is how PDF (and other media) sending works in WhatsApp Image
Read 7 tweets
Tal Be'ery Profile picture
Jun 4
1/ There is a bigger security lesson here, applied to infosec too:
We often dismiss (e.g. lower CVSS) attack vectors that require proximity.
However, in many cases all it takes to make such attacks feasible is a carrier to bridge the distance
@thegrugq @dinodaizovi @ImposeCost
2/ In this case the "local" FPV drones attack was made possible with trucks that bridged the thousands of KMs separating Ukraine and the attacked Russian airbases (and relaying the control protocol over 4G/LTE).

Infosec examples below: Image
3/ WiFi: The “Nearest Neighbor Attack”, the carrier is remote hacking of the target's neighbor to leverage Wi-Fi networks in close proximity to the intended target, while the attacker was halfway around the world.
Image
Read 4 tweets
Tal Be'ery Profile picture
Mar 14, 2022
1/ A (over-?) simplified summary 🧵 of #Ethereum data signing methods evolution.
data signatures are used for off-chain use cases ("sign in to app") or verified by smart contracts (e.g. ERC20 permit to save gas)
#web3 Image
2/ Eth_sign (legacy): in the beginning, client could sign anything, which of course could allow attackers to serve valid on-chain transactions as data for the victims to sign
3/ Eth_sign: Eth_sign was upgraded, so it would include a prefix and as a result the output cannot be a valid transaction. github.com/ethereum/go-et…
However, it serves a hash for the user, so the user has no clue on what is the original data (pre-image) they sign on
Read 7 tweets
Tal Be'ery Profile picture
Jan 25, 2021
1/ Solving the root cause of #GoldenSAML attacks, recently used in #Sunburst attacks.
Don't of scale security "UP", burying #SAML's private key deeper in HSM,
scale it "OUT": distribute it w/ modern crypto (#TSS #MPC)+ service architecture, as we do for #cryptocurrency @ZenGo
2/ Advanced attackers (#APT) steal long term secrets ("the stamp") that allow them to issue access tokens and thus access all services in victims' environment, bypassing all security, including multi-factor auth (#MFA,#2FA)
3/ @CISAgov recommends protecting such secrets with hardware (HSM), but this solution is not always feasible, does not scale well and is susceptible to vulnerabilities especially when facing #APT attackers (hence: "aggressively updated")
media.defense.gov/2020/Dec/17/20…
Read 8 tweets
Tal Be'ery Profile picture
Jan 23, 2021
Abusing #ADFS for #GoldenSAML attack, heavily used by #Sunburst attackers.
To get context, see the fabulous '19 talk @WEareTROOPERS by @doughsec @BakedSec of @Mandiant @FireEye (the irony..)
Slides: slideshare.net/DouglasBiensto…
Decrypting #ADFS #SAML private key
Tools:
github.com/fireeye/ADFSpo…
github.com/fireeye/ADFSDu… Image
Read 4 tweets
Tal Be'ery Profile picture
Nov 5, 2020
1/ IT politics is part of the "physics" of the security problem, much like friction, noise and air resistance in the physical world.
An often overlooked aspect of security solutions is that they empower CISOs to mitigate issues without asking others for help
2/ Per the "Kerberoasting" example mentioned by @jaredhaight, the naive solution would be to just ask service account owners to upgrade password strength.
However, the CISO may have a security solution that monitors Kerberos requests to the DC and blocks massive harvesting
3/ while it might not be the perfect solution, but the CISO can do it right away without asking anyone and buy precious time to fix the root cause of the problem.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(