Comment by solenoid0937

Comment by solenoid0937 18 hours ago

It would be trivial to discover and would be pretty big news in the security community.

I'd wager most of these comments are from nontechnical people, or technical people that are very far removed from security.

cosmicgadget 17 hours ago

I'm technical and work in security. Since it is trivial, please explain. Ideally not using a strawman like "well just run strings and look for uploadPlaintextChatsToServer()".

Reply View 5 replies

solenoid0937 17 hours ago

I don't see why standard RE techniques (DBI/Frida + MITM) wouldn't work, do you?
WhatsApp is constantly RE'd because it'd be incredibly valuable to discover gaps in its security posture, the community would find any exfil here.

Reply View | 4 replies
- martinralbrecht 17 hours ago
  
  We did reverse engineer it and we're cryptographers not reverse engineering experts https://eprint.iacr.org/2025/794
  
  Reply View | 2 replies
  
  [removed] 17 hours ago
  
  [deleted]
  
  Reply View | 0 replies
  
  solenoid0937 17 hours ago
  
  Cool paper, thanks for sharing!
  
  Reply View | 0 replies
- cosmicgadget 17 hours ago
  
  If people are trivially hooking IOS and Android applications then sure, it's just an exercise in dynamic analysis.
  Mobile applications are outside my domain so I am surprised platform security (SEL, attestation, etc.) has been so easily defeated.
  
  Reply View | 0 replies