A mistake is made in the algorithm of sharing of files and links on iOS. To reproduce the vulnerability, you need to follow a few simple steps. First try to share something: this can be a photo gallery, document, or link is important to open the select application to send. Then choose the WhatsApp icon, and the system likely will not ask the user for authentication FaceID or TouchID. Even if this happens, click on the icon of messenger a few times.
Then you can simply return to the home screen of the smartphone, choose WhatsApp and start the application without authentication. The way it works, unless you install instant lock access to the app. The vulnerability is dangerous only for the unlocked phone, but it is completely discreditied the idea of an extra layer of protection. If the attacker has the ability to access the phone, the screen is not locked, he easily read the message.
The function of protecting individual apps with a password or biometric identifier is quite popular among Android users. A firmware allows you to configure protection for each program individually. The option to block WhatsApp access messenger by fingerprint or the user’s face appeared on 3 February 2019 and already has been updated several times. Reviews from the Apple or application developers about the new vulnerability has not yet been received.
Read more •••