Whats App V card Vulnerability Explained

By -
All the Whats App Users are Vulnerable to this whats app V card Vulnerability !! . Estimated More than 200 Million Users Exposed to the V card Vulnerability . V card vulnerability allows to execute ransom ware , Remote Access Tools , etc allowing access to the whole system when using Whats App Web !! .
Whats App is very common . Almost the whole World population on whats app today . Whats app that has been recently acquired by Facebook.com claims to have hit 900 Million monthly active Users . However this flaw puts all the whats app users at risk  .
The Flaw is basically exploiting the web based extension of Whats app that was quiet recently introduced : Whats App Web !

Whats App Web ?

Whats App Web is a Web extension of the Whats app Application and allows to use the Whats App using the Browser on your Laptop or PC . The Web Application fully synchronizes with your phone .

The Vcard Vulnerability Exposes the Whats App users to THREATS !

How Whats App Vcard Vulnerability Exploitation Works

The Attacker can trick the Whats app web users into executing the arbitrary code on the Laptops (on which they are using Whats app web) , well lets say using a technique quiet different .
The Attacker can send a Legitimate looking V card to the users containing the malicious code . The victim of this attack on the other hand is unaware of the malicious code hidden in this V card and is easily exploited . The Attacker can send a Trojan , a Remote Access tool or a Ransom ware using this attack . Well the good news is that the victim needs to open this V card and hence we can avoid from getting hacked if the V card is from unknown Phone Number . Once opened , the contact is revealed to be an executable file further compromising your system .
  • Take complete control over the target machine
  • Monitor user’s activities
  • Use the target machine to spread viruses
WhatsApp verified and acknowledged the security issue and have deployed the fix in web clients world-wide. To make sure you are protected, update your WhatsApp Web right now.

Technical Summary :

The flaw affects all versions of WhatsApp before V0.1.4481. So, users are advised to make sure that they are running the fully updated version of WhatsApp.
The Whats app web allows to send and recieve any media file and contact cards among the users . The whats app V card vulnerability lies in the improper filtering of the contact cards and allows malicious code to be delivered via a v card format . The implication of this innocent action is downloading a file which can run arbitrary code on the victim’s machine.

The Hack :

It is found to be possible to control the file extension of the contact card file . Here you can see how the V card file can have a .bat extension which is a Windows Batch file extension . This means, once the victim clicks the downloaded file (which he assumes is a contact card), the code inside the batch file runs on his computer.
The below picture shows a sample V card for exploitation .

You can inject the command to the name attribute if the V card File , seperated by the “&” character . Windows will attempt to run all the code lines in the file .

Comments

Post a Comment

Popular posts from this blog

HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING KALI LINUX.

By -
Image
HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING  KALI LINUX . Today,i am going to show you how you can get email-id,username and password or any user details you want by using  KALI LINUX . STEPS FOR SETTING UP YOUR SYSTEM. Download Kali Linux from   here . Extract the contents of Kali Linux iso file which you  downloaded in step and copy it to pendrive or instead of pendrive burn the iso file in cd if you want to make a cd of it. After copying all contents to pendrive or burning the iso file in cd,reboot you system,press F8 on boot-time and select boot from pendrive if you have copied all the files in pendrive,else boot from cd-rom if you burn the iso file in cd. After selecting the boot from device,the kali installation window will open,install accordingly as per your requirement. NOTE:During installation,in mount point of selected installation drive,set mount point to  "/" . Remember the username and password while installation as this will
Read more

Port Fail Vulnerability : Critical VPN Vulnerability

By -
Image
Port Fail Vulnerability : Critical VPN Vulnerability How Port Fail Vulnerability Exposes your REAL IP on SKYPE Using Port Fail Vulnerability it’s possible to disclose the real IP of a Skype accounts you’re interested in. There are a bunch of Skype IP resolvers which can give you the VPN IP address and port number of a Skype user using only their Skype login. Then you need to use the same thing a copyright monitoring company would use — send some UDP packets to the whole internet on the exact port. It’s remarkable but Skype will send you a reply for almost any data! The nping utility from  nmap  package suits our needs very well: # nping --udp -p 13318 --data-string 'hellothere!' -c 1 serv.valdikss.org.ru Starting Nping 0.7.00 ( https://nmap.org/nping ) at 2015-12-20 19:54 MSK SENT (0.0157s) UDP 195.154.127.59:53 > 92.42.31.8:13318 ttl=64 id=10802 iplen=39  RCVD (0.0859s) UDP 185.61.149.121:4272 > 195.154.127.59:53 ttl=54 id=1534 iplen=32    Max rtt: N/A | M
Read more