Broken Validation of Whatsapp for iOS – Using / Cloning other Whatsapp Number (Jan 16th, 2015)

In the name of Allah, the Most Gracious, the Most Merciful.

Description: In short, by copying all of the application sandbox of the active/original whatsapp account at one of iDevice to other iDevice, then both of Whatsapp at different iDevices will active at the same time.

Yes, at that time, the application sandbox of iOS Application is not restricted yet, so we could copy it without the needs of jailbreaking the iDevice.

Note: To reproducing this issue, all we need to do just copy all of the application sandbox of Whatsapp (from victim’s iDevice) that we would like to clone, then paste it to the fresh install of Whatsapp application at attacker’s iDevice.

Reporting Date:
Reported Date: Jan 16th, 2015
Response Data: Jan 21st, 2015
Priority: was assigned as high priority by Ticket Manager “Rachel”.

PoC Video:

• 0:00s - 0:02s = showing that the victim connection to whatsapp is connected;
• 0:05s - 0:06s = showing the original victim’s account number;
• 0:12s - 0:20s = showing the victim could chat with their friends;
• 0:24s - 0:26s = showing the victim closed their whatsapp application from background process;
• 0:28s - 0:34s = showing the attacker has a connected connection on their whatsapp application;
• 0:38s - 0:40s = showing the attacker has a same account (phone number) with the victim;
• 0:45s - 0:55s = showing the attacker could chat with victim’s friends (it also shows if the victim’s reply has been received at the attacker’s device);
• 0:58s - 0:59s = showing again that the victim has a connected connection on their whatsapp application;
• 1:05s - 1:10s = open the whatsapp application (victim and attacker) at the same time. As the previous explanation, this could lead the connection interruption between victim and attacker (the connected and not connected status is switch each other);
• 1:11s = showing the attacker got a problem (whatsapp force to change or keep the phone number). But attacker just need to closed and re-open the application to “stay away from the warning”;
• 1:18s - 1:22s = showing that the victim could use their whatsapp application again after the attacker closed their application;
• 1:24s = Attacker re-opening their whatsapp application and got no warning anymore;
• 1:27s - 1:32s = showing the connection is interrupted again. This could happen if attacker and victim open the application at the same time;
• 1:38s - 1:41s = showing the account still same (between attacker and victim).



You may also like...