According to a blog post by PerimeterX, its cybersecurity researcher and JavaScript expert Gal Weizman found a gap in the Content Security Policy (CSP) used by WhatsApp, enabling bypasses and cross-site scripting (XSS) on the desktop app.
EXPERTS COMMENTS
Keith Geraghty, Solutions Architect, Edgescan
February 06, 2020
First of all, users should ensure they use the latest safe release of the software. But while defences on the software side may add a layer of protection, it’s been proven the most effective approach to these types of attacks is educating your users. Organisations need to invest in proper phishing campaigns, educating non-security savvy people to review and look closely at the link they are about to click. This can be as simple as simply hovering over the link and observing where you will be taken or what you are downloading. Organisations worried about this potential entry vector should also consider blocking the desktop version of WhatsApp, and – if not required on company-held smartphones – disabling the app with management systems such as MobileIron.
Corin Imai, Senior Security Advisor, DomainTools
February 06, 2020
The fact that this vulnerability exists in such a prominent messaging platform is definitely a cause for concern. WhatsApp has an estimated 1.5 billion monthly users, and in developing democracies such as India, where WhatsApp counts a 200m user base, it has become a substitute for town-square talk. Users in India would have their ‘family’ and ‘friends’ chat groups, but often also use third-party apps to find and join WhatsApp groups aligned with their political views. For a vulnerability to be able to edit the content of messages is both a legitimate cause for concern from a cybersecurity perspective, but potentially also from a fake news perspective.