Analyzing WhatsApp Security with Dynamic Binary Instrumentation

Abstract

The number of IoT devices are rapidly growing, and security vulnerabilities are also growing along with it. Smartphones have become nearly ubiquitous in society, completely reshaping how we live our daily lives. One of the most popular apps used in the world is WhatsApp, with 2 billion users and counting. WhatsApp users often take their security and privacy as granted, but given that all their data is stored unencrypted on their devices, they should be asking: how can security vulnerabilities and exploits impact user data stored on their devices? In this work we seek to answer that question by examining potential attacks against WhatsApp and simulating them to better understand the end result on WhatsApp. We integrate Frida with DroidBot to automate discovery of functions of interest for these attacks. In addition, we also consider a methodology for generating regular expressions that captures the dynamic behavior of WhatsApp. We focus on analyzing WhatsApp on Android, one of the most widely used apps on the most popular mobile OS in the world. We use Frida, a modern dynamic instrumentation toolkit, to both simulate the attacks as well as generating the regular expressions.