[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAH8yC8kbeBMVDygbVKkOdqn=i_GBgc039_DX1Qhxohkf=EhWUA@mail.gmail.com>
Date: Fri, 8 Dec 2017 05:48:11 -0500
From: Jeffrey Walton <noloader@...il.com>
To: Nightwatch Cybersecurity Research <research@...htwatchcybersecurity.com>
Cc: Full Disclosure List <fulldisclosure@...lists.org>
Subject: Re: [FD] Follow-up on CVE-2017-8769 - WhatsApp Issues with Media
Files
On Tue, Dec 5, 2017 at 5:27 PM, Nightwatch Cybersecurity Research
<research@...htwatchcybersecurity.com> wrote:
> [https://wwws.nightwatchcybersecurity.com/2017/05/17/advisory-whatsapp-for-android-privacy-issues-with-handling-of-media-files-cve-2017-8769/]
>
> We reported an issue earlier this year to WhatsApp / Facebook, where
> after deleting chats the media files would be retained on the device.
> The vendor fixed the issue by adding an option of deleting these
> files. HOWEVER, our testing now shows that the fix doesn't always work
> and the vendor doesn't acknowledge the issue as a security problem. We
> have updated the advisory accordingly and are recommending that users
> delete the media files from the SD card manually.
Deleting files from the SDcard likely won't fix the problem. The
vendor has to fix the problem by avoiding plain text on the disk.
Also see "Reliably Erasing Data From Flash-Based Solid State Drives,"
https://www.usenix.org/legacy/event/fast11/tech/full_papers/Wei.pdf .
Jeff
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists