Whatsapp adium3/20/2023 ![]() The Dutch developer didn't attempt to contact WhatsApp before disclosing the issue publicly. This allows an attacker to intercept a message sent by a user to the server and resend it back to the user as if it came from the WhatsApp server, but this is not something that can be easily exploited, Alkemade said. WhatsApp also uses the same RC4 encryption key for HMAC (hash-based message authentication code) operations to authenticate messages. "I don't think the situation will be different with the iOS client," he said. Since then he has confirmed that the issue exists in the WhatsApp clients for Nokia Series 40 and Android devices. ![]() It's a mistake made by the Soviets in the 1950s and by Microsoft in its VPN software in 1995, he said.Īlkemade released proof-of-concept exploit code for the vulnerability, but initially tested it on the WhatsPoke open-source library, not on the official WhatsApp client. Reusing the key in this manner is a basic crypto implementation error that the WhatsApp developers should have been aware of, Alkemade said Wednesday. Because of this, if two messages are encrypted with the same key and an attacker can intercept them, like on an open wireless network, he can analyze them to cancel out the key and eventually recover the original plaintext information.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |