Full Disclosure mailing list archives

Re: whatsapp opening url in background

From: Ferran Pichel <ferran.pichel () foosec com>
Date: Fri, 15 Nov 2013 12:11:09 +0100

Hi, please, refer to the advisory:

http://foosec.com/docs/whatsapp.html

Here you have an abstract:

*WhatsApp <http://www.whatsapp.com/>* advisory published in *Nov-2013* about
an internal side effect - as they said - that may provoke, among others, a
DoS against the application and information disclosure as well, everything
without any kind of human interaction with the device. Already *solved in
version 2.11.134*.

Kind regards!


On Thu, Nov 14, 2013 at 5:58 PM, Ander Juaristi Alamos <ajuaristi () gmx es>wrote:

Hi Frank,

I just received a URL via Whatsapp from a friend, and I haven't noticed
that behavior. What's more, I don't remember if I ever noticed it.

Could you post more precise reproduction steps, please? How did you notice
that the URL was opened in background?

Thanks.



----- Mensaje original -----

De: Frank Habermann

Enviado: 14-11-13 13:02

Para: full-disclosure () lists grok org uk

Asunto: [Full-disclosure] whatsapp opening url in background


Hi List,

i wonder about url opening in background in whatsapp.
I am using an android phone.

If i send a url to some other user(with android) in whatsapp my whatsapp
and the the other user is opening the url in background without any user
interaction.
Is this normal?

I could reproduce this only on android. Not on ios.

Is this a android problem or a whatsapp problem?
Sounds very strange and insecure for me.

regards,
Frank

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

whatsapp opening url in background Frank Habermann (Nov 14)
- <Possible follow-ups>
- Re: whatsapp opening url in background Ander Juaristi Alamos (Nov 15)
  - Re: whatsapp opening url in background Ferran Pichel (Nov 15)
- Re: whatsapp opening url in background Ferran Pichel (Nov 15)
  - Re: whatsapp opening url in background Frank Habermann (Nov 15)
    - Re: whatsapp opening url in background Jerome Athias (Nov 15)
    - Re: whatsapp opening url in background Alex (Nov 15)
    - Re: whatsapp opening url in background Pål Nilsen (Nov 15)