Check Point Research discovers existing vulnerabilities in Facebook, Instagram, WeChat and other high-profile apps previously believed to be patched
• Updates don’t update
• Hackers can take location data from Instagram, alter posts on Facebook and read messages on WeChat
Updates Don’t Update
The common perception is that if a person constantly maintains the most up-to-date version of an application they are safe from hacker exploitation. Not true. Check Point Research discovered that known vulnerabilities were present on the latest versions of some of the most famous apps in the world on Google’s Play Store.
Hackers can gain administrative control over Play Store Apps
The research proves that threat actors can still execute code on the latest versions of mobile applications on Play Store, despite the updates those mobile apps have pushed to people. In short, threat actors can gain administrative control over the mobile applications studied by Check Point Research. Theoretically, threat actors can steal and alter posts on Facebook, extract location data from Instagram and read SMS messages in WeChat.
The Research Process
In a month-long study, Check Point Research cross-examined the latest versions of these high-profile mobile for three known remote control execution (RCE) vulnerabilities dating from 2014, 2015 and 2016. Each vulnerability was assigned two signatures. Then, Check Point Research ran its static engine to examine hundreds of mobile applications in Google’s Play Store to see if old, vulnerable code was present in the latest version of the application. Check Point Research found vulnerable code, which was claimed to patched, present in the latest versions of popular mobile application.
Responsible Disclosure
Check Point Research informed the applications vulnerable in its study, along with Google.
What People Should Do
For now, Check Point urges people to install an antivirus-app that monitors vulnerable apps on the phone.
Pic Caption – Airtel iCreate 2019 winners –team ‘Red Pill’ (3rd & 4th from left) from XLRI Jamshedpur with Airtel leadership team. (2nd from left) Ajai Puri, COO – India and South Asia, Bharti Airtel.