Majd Dhainy

Published On: 27 Nov 2019

Bypass WhatsApp screen lock to make calls and send/read messages

Privacy/Authentication
WhatsApp | Other
---
UNDEFINED INFORMATIVE
Description

using a voice assistant (siri or google assistant), an attacker can start a whatsapp call, or send a whatsapp message to any contact even when the whatsapp screen lock feature is enabled. Without verifying their fingerprint.

Impact

-Start a whatsapp call/video_call with any contact without going through touch ID -Send a whatsapp message to any contact without going through touch ID -Display the last message in a conversation with any contact without going through touch ID




Reproduction Steps

Step
1

Start Siri/google assistant on a phone with whatsapp installed and screenlock enabled from within the whatsapp privacy settings .

Step
2

Say: "Send X a WhatsApp message saying Y"

Step
3

Say:"Call X on WhatsApp"

Step
4

Say:"Read my recent message with X" 

Step
5

Where X is the person you want to send the message to, and Y is the message .

Timeline
.
Majd 22 Nov 2019

Initial Report

.
Facebook 22 Nov 2019

Report marked as informative Hi Majd, Thank you for your report. WhatsApp recently introduced a new feature that allows people to enable a biometric lock, which can be your ... See More

INFORMATIVE






Show All Images