Comment by cosmicgadget
Comment by cosmicgadget 16 hours ago
I'm technical and work in security. Since it is trivial, please explain. Ideally not using a strawman like "well just run strings and look for uploadPlaintextChatsToServer()".
Comment by cosmicgadget 16 hours ago
I'm technical and work in security. Since it is trivial, please explain. Ideally not using a strawman like "well just run strings and look for uploadPlaintextChatsToServer()".
We did reverse engineer it and we're cryptographers not reverse engineering experts https://eprint.iacr.org/2025/794
If people are trivially hooking IOS and Android applications then sure, it's just an exercise in dynamic analysis.
Mobile applications are outside my domain so I am surprised platform security (SEL, attestation, etc.) has been so easily defeated.
I don't see why standard RE techniques (DBI/Frida + MITM) wouldn't work, do you?
WhatsApp is constantly RE'd because it'd be incredibly valuable to discover gaps in its security posture, the community would find any exfil here.