
CENSUS identified two vulnerabilities in the popular WhatsApp messenger app for Android. The first of these was independently reported to Facebook and was found to be patched in recent versions, while the second one was communicated by CENSUS to Facebook and was tracked as CVE-2021-24027. At present, both vulnerabilities have been patched.

Researchers have explained how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, remote code execution on the victim device, and the extraction of Noise protocol keys used for end-to-end encryption in user communications.

Scoped Storage Feature

Android 10 introduced the scoped storage feature as a proactive defense against these types of attacks. With scoped storage, apps by default get access only to their own content on External Storage. Apps holding certain permissions can also access content shared by other applications. Full access to External Storage is only granted to special-purpose apps (e.g. file managers) that have been audited by Google.

Android 11 is the first version to fully enforce the scoped storage rules on all apps, while Android 10 included a permissive mode of operation to provide developers with the needed time to transition to the new file access scheme.

The Android Media Store Content Provider

When a user clicks on a picture message, WhatsApp needs to call an external application to view the file. However, the external application might not have access to WhatsApp’s internal storage. In the picture case, there must be a way for the photo viewer to locate, read and display media files belonging to WhatsApp.

Android addresses this with the concept of Content Providers, an IPC mechanism by which one application (e.g. WhatsApp) can share resources with any other application (e.g. Google Photos). Content providers are a powerful tool in the hands of Android developers.

Session Resumption and Pre-Shared Keys in TLS 1.3

During the TLS handshake, communicating peers will authenticate each other, negotiate cryptographic parameters and determine various aspects of the connection via a set of agreed-upon extensions.

If a remote attacker could collect the pre-shared key (PSK) from the client device, then it would be possible to perform a man-in-the-middle attack on this client during TLS session resumption, as no certificate validation would be performed against the fraudulent server endpoint.

Session Resumption and the Master Secret in TLS 1.2

In TLS 1.2, session resumption is based solely on Master Secret knowledge; if the two communicating parties have saved their previous state in a secure location, they can continue communicating by re-deriving new session keys based on the previously agreed-upon shared secret.

In this case, the attackers cannot use known encryption keys or MAC secrets to compromise the master_secret without breaking the secure hash operations.
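
The TLS 1.2 resumption property described above, as an added example (not code from CENSUS or WhatsApp): the RFC 5246 key derivation for an AES-128-GCM cipher suite, showing that a saved master secret plus the hello randoms, which travel in the clear, is all a resumed session's keys depend on. The master secret, the randoms and the function names are constructed for illustration.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, built on HMAC-SHA256."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_session_keys(master_secret: bytes, client_random: bytes,
                        server_random: bytes) -> dict:
    """key_block = PRF(master_secret, "key expansion", server_random + client_random),
    split for an AES-128-GCM suite: two 16-byte keys, two 4-byte implicit IVs."""
    if len(master_secret) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS 1.2 uses a 48-byte master secret and 32-byte randoms")
    block = p_sha256(master_secret, b"key expansion" + server_random + client_random, 40)
    return {
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }

if __name__ == "__main__":
    # Constructed values: a cached master secret and the randoms of two resumed sessions.
    cached_master_secret = bytes(range(48))
    session_a = (b"\x11" * 32, b"\x22" * 32)
    session_b = (b"\x33" * 32, b"\x44" * 32)

    keys_a = derive_session_keys(cached_master_secret, *session_a)
    keys_b = derive_session_keys(cached_master_secret, *session_b)
    # Fresh randoms give every resumed session its own keys...
    print("session A client key:", keys_a["client_write_key"].hex())
    print("session B client key:", keys_b["client_write_key"].hex())
    # ...but any holder of the cached secret derives the same keys from the
    # randoms, which is why the session cache must stay in app-private storage.
    copy_of_cache = bytes(cached_master_secret)
    print("copy derives same keys:", derive_session_keys(copy_of_cache, *session_a) == keys_a)
```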

Attacks against WhatsApp

Privacy is one of WhatsApp’s major features. It is achieved by using end-to-end encryption in messages exchanged between clients, as well as through the use of TLS 1.3 / TLS 1.2 for client-to-server communications (the actual protocol used depends on the endpoint).

All an attacker has to do is lure the victim into opening an HTML document attachment. WhatsApp will render this attachment in Chrome, over a content provider, and the attacker’s JavaScript code will be able to steal the stored TLS session keys.

Experts explained two attacks against WhatsApp, one leading to code execution and one leading to leakage of Noise protocol keys, used in end-to-end encryption of user communications.

Final Word

Once the TLS session secrets were collected it was possible to perform a man-in-the-middle attack on WhatsApp communications.

The man-in-the-middle attack allowed the attacker to execute arbitrary code on the victim’s device. Moreover, the man-in-the-middle attack allowed for the collection of the victim user’s Noise protocol cryptographic material, which could later be used for the decryption of user communications.

CENSUS strongly recommends that users make sure they are using WhatsApp version 2.21.4.18 or greater on the Android platform, as previous versions are vulnerable to the above-mentioned bugs and may allow for remote user surveillance.

CENSUS has tracked the TLS 1.2 man-in-the-disk vulnerability under CVE-2021-24027.

There are many more subsystems in WhatsApp which might be of great interest to an attacker. Other popular Android messaging applications (e.g. Viber, Facebook Messenger), or even mobile games might be unwillingly exposing a similar attack surface to remote adversaries.


Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.