What can we learn from the WhatsApp breach?

What can we learn from the WhatsApp breach?

Paul Farrington, EMEA CTO, Veracode, discusses WhatsApp’s handling of its vulnerability disclosure and what this breach says about the way organisations detect and disclose software vulnerabilities.
In May, WhatsApp revealed details of a vulnerability in its system that could have allowed hackers to gain access to users’ smartphones. WhatsApp is one of the most popular messaging tools in the world, with a sizeable 1.5 billion monthly users. It is favoured for its high level of security and privacy, as messages are encrypted end-to-end.
The good news for end user is that the vulnerability has a fix and an updated version of the app has been made available as an extra precaution. However, it has raised the importance of secure code, and this breach in particular says a lot about the way organisations more broadly detect and disclose software vulnerabilities.
In this instance the breach was caused by the CVE-2019-3568 vulnerability in the VOIP stack, a buffer overflow flaw. What is important to note is that this isn’t a new vulnerability.
In fact, according to Veracode’s report State of Software Security Volume 9, it is the 25th most common vulnerability, and is found in three percent of applications.
Although it may not be as prevalent as some other flaw categories (such as XSS or SQL injection), it is a highly exploitable flaw. Organisations should be well aware of it and have plans in place for addressing the vulnerability quickly.
Also of interest: Should we fear Huawei?

Copyright Lyonsdown Limited 2020

Top Articles

North Korean hackers indicted for cyber attacks and financial crimes worldwide

Three North Korean hackers were indicted for carrying out a wide range of cyber crimes and stealing more than $1.3 billion in cryptocurrency.

Popular Trends With Ties to Bitcoin

Love it or hate it, Bitcoin is one of the biggest trends around the globe right now.

Why Bitcoin Has the Highest Market Cap?

Not only is Bitcoin the first cryptocurrency ever invented, but it has managed to remain the most successful one, even as the competition grew, namely, today, there are over 2,000…

Related Articles