Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
PT SWARM
TL;DR: leak External Storage (/sdcard) remotely, collect the TLS cryptographic material found there, MitM WhatsApp communications, gain RCE on the victim's device, and extract the keys used for end-to-end encrypted user communications.
Contents:
• Intro
• The Android Media Store Content Provider
• The Chrome CVE-2020-6516 Same-Origin-Policy bypass
• Session Resumption and Pre-Shared Keys in TLS 1.3
• Session Resumption and the Master Secret in TLS 1.2
• The WhatsApp TLS Man-in-the-Disk Vulnerabilities
• From TLS secrets collection to Remote Code Execution
• Stealing the victim's Noise protocol key pair
• Conclusion and future work
• References
Positive Technologies Offensive Team: twitter.com/ptswarm