Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

WhatsApp fixes Face ID and Touch ID authentication bypass

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Earlier February, WhatsApp introduced Face ID and Touch ID authentication for its iOS app to allow users to lock the application using the Face ID facial recognition and Touch ID fingerprint systems. The security feature […]

whatsapp NSO

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed.

Earlier February, WhatsApp introduced Face ID and Touch ID authentication for its iOS app to allow users to lock the application using the Face ID facial recognition and Touch ID fingerprint systems.

The security feature can be enabled from Settings -> Account -> Privacy -> Screen Lock menu item. Users can choose the authentication method (Face ID or Touch ID) and set up the interval of time used by the device to lock itself (immediately, after 1 minute, after 15 minutes, or after 1 hour).

A Reddit user discovered that the authentication method chosen by the owner could be bypassed if the duration is not set to “immediately” and the owner is using the Share Sheet in iOS. The Share Sheet allows sharing items or contents through various media like Facebook, Twitter.

Below the step by step procedure to bypass the authentication.

“The latest FaceID and TouchID integration with WhatsApp has a privacy screen lock bypass bug for the WhatsApp application” wrote the Reddit user.

  1. Get to the iOS Share Sheet through any method, for example through the Photos app.
  2. Click on the WhatsApp icon in the iOS Share Sheet.
  3. While transitioning to the next screen, you observe that no FaceID or TouchID verification takes place if an option other than “Immediately” was set previously. Now just exit out to the iOS Home Screen. (If in some cases, it asks for FaceID or TouchID verification, just cancel it and try clicking on WhatsApp icon in the iOS Share Sheet again).
  4. Try to open WhatsApp and voila, it simply lets you inside WhatsApp without FaceID or TouchID verification.
Face ID WhatsApp

The good news is that WhatsApp already addressed the bug with the release of the latest version of the iOS app.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – iOS Face ID, authentication bypass flaw)

[adrotate banner=”5″]

[adrotate banner=”13″]