On Tue, Dec 5, 2017 at 5:27 PM, Nightwatch Cybersecurity Research <resea...@nightwatchcybersecurity.com> wrote: > [https://wwws.nightwatchcybersecurity.com/2017/05/17/advisory-whatsapp-for-android-privacy-issues-with-handling-of-media-files-cve-2017-8769/] > > We reported an issue earlier this year to WhatsApp / Facebook, where > after deleting chats the media files would be retained on the device. > The vendor fixed the issue by adding an option of deleting these > files. HOWEVER, our testing now shows that the fix doesn't always work > and the vendor doesn't acknowledge the issue as a security problem. We > have updated the advisory accordingly and are recommending that users > delete the media files from the SD card manually.
Deleting files from the SDcard likely won't fix the problem. The vendor has to fix the problem by avoiding plain text on the disk. Also see "Reliably Erasing Data From Flash-Based Solid State Drives," https://www.usenix.org/legacy/event/fast11/tech/full_papers/Wei.pdf . Jeff _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
