Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Web Feed] In this article we will have a look at how a simple phishing attack through a...
1 view
Skip to first unread message
Feed Supplier
Apr 28, 2021, 2:46:08 PM4/28/21
to
..n Android messaging application could result in the direct leak
In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in External Storage (*/sdcard*). Then we will show how the two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions. With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise [
www.noiseprotocol.org/: 05] protocol keys used for end-to-end encryption in user communications.
Link 1
CENSUS | IT Security Works: https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027
In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in External Storage (*/sdcard*). Then we will show how the two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions. With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise [
www.noiseprotocol.org/: 05] protocol keys used for end-to-end encryption in user communications.
Link 1
CENSUS | IT Security Works: https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027
0 new messages