Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The update can be analyzed to see what was changed, even if we only have the binary executable. If we know that an app contains intentional bugs, just looking at where the update made changes could eliminate a lot of looking & find the bugs even faster! There are many automated tools that can do this too, eg. Fuzzing. The updates can also hint us where the previous bug was and what to look out for in the future.

So, nope. Introducing security bugs and backdoors just makes it insecure for everyone.



Oh, so you are reverse engineering and thoroughly analyzing every WhatsApp update? That's reassuring. Cause otherwise I'd have said nobody does this on a regular basis which would mean it still is a viable method.


It could be a very lucrative business. Some companies pay up to a million dollars for a WhatsApp bug https://zerodium.com/program.html

There is also a black-market that can be even more lucrative. A bug could be jackpot for criminals.

See also https://en.m.wikipedia.org/wiki/Market_for_zero-day_exploits

So yes, I'm pretty sure that there are various teams, including white-hats such as Google, black-hats, nation-states such as China / Russia, analyzing each and every update.

There was also an interesting article on hackernews a while back demonstrating the technique, there are some nice tools for this. Sorry, can't find the link now.


Their is an entire industry that either is already or definitely would be doing this if there were deliberate bugs in Apps.


There is, and there are.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: