Access over 35 million homework & study documents

Vulnerability

Content type
User Generated
Subject
Computer Science
School
Murdoch University
Type
Homework
Rating
Showing Page:
1/4
Running head: VULNERABILITY 1
TITTLE:
NAME:
SCHOOL:
DATE:

Sign up to view the full document!

lock_open Sign Up
Showing Page:
2/4
VULNERABILITY 2
VULNERABILITY
Name: A buffer overflow vulnerability in WhatsApp VOIP stack
CVE: CVE-2019-3568
WhatsApp refers to a mobile app used to send and receive free voice calls, Video calls, and Text
messages. The app is used by a wide range of populations within the entire globe and is, therefore,
a platform that might expose a lot of individual information if at all the end-to-end encryptions
and security is not put up well. The App runs on Windows, iPhone, Windows phone, Mac, and
Windows Pcs. Being an online app, it has been exposed to being attacked in various ways in the
online platforms, and therefore it is vulnerable. It has suffered from a classic buffer overflow
weakness from time to time and keeps on updating its application and security to overcome and
solve the problem every time it occurs. Recently WhatsApp has had several challenges in securing
the end-to-encryption. The CVE-2019-3568 refers to a buffer overflow vulnerability in the
WhatsApp Voice over IP stack which allows execution of manipulated series of SRTCP (Secure
Real-time Transport Protocol) to targeted users of the app.
Recently WhatsApp published the security drawback they had where an attacker could easily
attack targeted phones via phone call and inject spyware. The call made doesn’t require the victim
to answer for the hacker to gain control of the application but all it needs is for the call to go
through to the victim’s a gadget/device. By this security faultiness, the attacker is in a position to
steal important information shared via the platform, and also, he/she is in a position to cause a
malfunction in the devices and operating system in which the WhatsApp application is running.
This simply means that the hacker is in a position to eavesdrops on calls, turn on the camera, access your
gallery, contacts, and more information that may include the important accounts information saved in the
devices or might have been shared through WhatsApp and other sensitive personal detail including the
videos. Besides, the hacker is also in a position to turn on the device microphone from a remote location
and will be able to record and listen to the environment and conversations of the victim.
The hacker is also in a position to temper with your call log and saved settings to hide the method of
infection. To archive the intrusion, the attacker has to alter with care, the data packets sent at the beginning
of a voice call with the targeted victim; when the victim receives the packets in his/her phone successfully,
there is an occurrence of internal buffer within the WhatsApp which is forced to overflow. This will
overwrite most parts of the app's memory which will lead to the hacker/attacker controlling the entire
WhatsApp application. The hacker can not only alter the functionality of the entire application but
also, he/she can cause a denial of service. This simply means the owner of the account has no
access to his/her files, data, and other features supported by the App. He or she is therefore locked
out of access thus denial of service. Security researchers claim that the spyware that has attacked
the WhatsApp flaw from time to time is connected to the cyber intelligence company known as
the NSO group.
In the Technology world, such loopholes in security are very dangerous since they give the hacker
leeway in sending viruses and malicious files that may lead to the corruption of the entire device.
Through such instances is where ransomware is sent to the devices and important files are lost in
the process. The files of the victim might not only be deleted from the system but also, the file

Sign up to view the full document!

lock_open Sign Up
Showing Page:
3/4

Sign up to view the full document!

lock_open Sign Up
End of Preview - Want to read all 4 pages?
Access Now
Unformatted Attachment Preview
Running head: VULNERABILITY 1 TITTLE: NAME: SCHOOL: DATE: VULNERABILITY 2 VULNERABILITY Name: A buffer overflow vulnerability in WhatsApp VOIP stack CVE: CVE-2019-3568 WhatsApp refers to a mobile app used to send and receive free voice calls, Video calls, and Text messages. The app is used by a wide range of populations within the entire globe and is, therefore, a platform that might expose a lot of individual information if at all the end-to-end encryptions and security is not put up well. The App runs on Windows, iPhone, Windows phone, Mac, and Windows Pcs. Being an online app, it has been exposed to being attacked in various ways in the online platforms, and therefore it is vulnerable. It has suffered from a classic buffer overflow weakness from time to time and keeps on updating its application and security to overcome and solve the problem every time it occurs. Recently WhatsApp has had several challenges in securing the end-to-encryption. The CVE-2019-3568 refers to a buffer overflow vulnerability in the WhatsApp Voice over IP stack which allows execution of manipulated series of SRTCP (Secure Real-time Transport Protocol) to targeted users of the app. Recently WhatsApp ...
Purchase document to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Anonymous
Great study resource, helped me a lot.

Studypool
4.7
Indeed
4.5
Sitejabber
4.4