Thursday, July 3, 2025
Aiman Al-hadhrami LinkedIn vulnerability
๐ Security Report: LinkedIn Vulnerability Allows Remote Attacker Deception and Phishing Attacks
Wednesday, June 4, 2025
Aiman Al-hadhrami WhatsApp Vulnerability
๐ข Security Vulnerability Report – Remote Privacy Vulnerability – WhatsApp
๐ก️ Ghost Reads on WhatsApp: A Silent Technical Vulnerability Compromising User Privacy and Causing Potential Social Consequences Through Fake Blue Read Receipts — A Serious Privacy Violation!
๐ง Summary:
This vulnerability was discovered by Aiman Al-Hadhrami, an independent cybersecurity researcher.
It allows a sender, whether intentionally or unintentionally, to remotely determine whether a recipient has read a message — indicated by the two blue ticks — even when the "Read Receipts" feature is disabled in WhatsApp.
This constitutes a remote privacy violation and logic flaw, as it enables the sender to receive confirmation of message reading despite the recipient’s chosen privacy settings — violating their expectation of control and discretion.
The issue occurs regardless of the recipient's configuration, and messages may appear as “read” even when they were not actually opened, creating a deceptive and misleading system behavior.
This flaw undermines user trust in WhatsApp’s advertised privacy features and opens the door to potential social, emotional, and even legal consequences stemming from false read indicators.
๐ Impact/Risk:
- Violates user privacy settings.
- Could be exploited for social pressure, emotional manipulation, or invasive behavior.
- May cause interpersonal conflict, especially in sensitive or high-stakes communication.
Why This Is Particularly Severe
False Read Status (Deceptive State):
The system falsely indicates that the message has been read, misleading the sender into believing it was seen.
This can lead to psychological pressure on the recipient, or even legal or professional issues in contexts like business communication or legal notices.
The appearance of "message read" without actual reading can cause serious issues in both professional and personal life. Examples include:
- In the workplace:
When a manager sends important instructions or directives via WhatsApp, and it shows that the employee has read the message — when in fact they haven't — this can lead to serious misunderstandings.
The employee may be held accountable for negligence or lack of response, and the situation may escalate to disciplinary actions or even termination.
- In marital relationships:
A wife may send heartfelt messages expressing her emotions or needs, and it appears that her husband has read them, while he actually hasn't seen them.
This can create feelings of neglect or emotional abandonment, leading to communication breakdowns that may result in major conflicts, or even divorce.
- In parent-child relationships:
When a father sends messages to his son containing advice or requests, and it shows as "read," the father may assume the son is ignoring him — even if the son hasn't actually opened the messages.
This can cause strain in the family relationship and may lead to drastic consequences, such as the father asking the son to leave the house.
๐ฅ Critical Medical Scenario: When a False Read Receipt Could Cost a Life
In medical environments — such as hospitals or emergency care units — timing is everything. Communication apps like WhatsApp are often used by frontline medical staff to urgently send lab reports, scans, and vital patient data to off-site specialists for immediate review and action.
The Problem:
Due to this vulnerability, a message may falsely appear as "read" (with blue checkmarks) even though the specialist has not opened it.
The Consequence:
- The attending medical staff believes the specialist has reviewed the case and is taking action.
- In reality, the message has not been seen, and no decision or medical intervention is made.
- This false assumption and delay may result in the patient’s condition deteriorating, or in the worst-case scenario:
The patient may die due to lack of timely response.
Why This Matters:
This is not a hypothetical. It’s a direct consequence of misleading system behavior — a logic flaw that creates a false sense of communication, leading to fatal misunderstandings in high-stakes environments.
Direct Violation of Privacy Principles:
Even aside from user privacy preferences, showing a message as "read" when it hasn't actually been opened represents a fundamental flaw in system behavior and logic.
It undermines user trust and contradicts the purpose of privacy settings.
Potential for Social Engineering or Harassment:
The flaw could be exploited to accuse or pressure the recipient — e.g., someone might say “you saw my message and ignored me” when the message was never actually viewed.
This opens the door to manipulation, abuse, or targeted harassment.
⚠️ Trust and User Confidence:
This vulnerability raises not only legal and ethical concerns but also fundamentally undermines user trust in WhatsApp’s stated privacy guarantees. Users who disable the "Read Receipts" feature do so with the clear expectation of full control over the visibility of their engagement with messages. They trust that their decision to withhold read confirmations will be respected by the system. However, when the platform falsely displays a message as “read”—despite the recipient never opening it—this represents a direct violation of user expectation, intent, and autonomy.
According to WhatsApp’s official Privacy Policy, users are explicitly assured that disabling read receipts will prevent others from knowing whether a message has been read. When the system fails to uphold this assurance, it effectively transforms a user-configured privacy setting into a false sense of control, weakening both the credibility of the platform and its ability to safeguard interpersonal boundaries. In a communication platform relied upon by billions, this is not a trivial glitch — it is a critical privacy logic flaw with serious implications. Beyond legal noncompliance, this behavior raises deep ethical questions about how digital platforms manage user trust and behavioral signaling.
Disabling read receipts is not a casual configuration; it is a deliberate expression of digital boundaries — an assertion of the user’s right to control how their attention and presence are perceived. A false read indication, even if unintentional, violates this right. It compromises the informational integrity of communication and diminishes user confidence in the platform's transparency and honesty.
๐ฌ Official Meta Acknowledgment:
Despite initial denials and dismissals from Meta, following multiple responsible disclosures regarding a critical privacy vulnerability, Meta ultimately officially acknowledged the issue described in the report.
Their exact words were:
> “Hi Aiman, Thanks for writing in. We have discussed the issue at length and concluded that, whilst you reported a valid issue which the team may make changes based on” [ticket number: 24855322277404593]
> “Hi Aiman, Thank you for your report. We were able to reproduce the behavior where a blue tick is shown incorrectly when the victim hasn’t read the message” [ticket number: 24903344622602358]
These statements represent an implicit acknowledgment by the vendor that the flaw exists.
This confirms that the issue is not hypothetical, nor is it limited to a device-specific bug. It is a reproducible privacy violation with significant real-world consequences.
๐ Impact Analysis:
• Remote Exploitability:
The vulnerability is remotely exploitable, requiring no physical access or interaction from the victim.
• Privacy Violation:
This vulnerability bypasses user-configured privacy settings and qualifies under CWE-359: Exposure of Private Personal Information to an Unauthorized Actor, as it discloses the recipient’s read status despite their explicit privacy settings.
Additionally, it falls under CWE-451: UI Misrepresentation of Critical Information, since the application displays misleading read receipts (blue checkmarks) even when the messages have not actually been opened — creating a false perception of user interaction.
• Real-World Consequences:
Read receipt behavior has proven to cause serious misunderstandings and trust issues in personal relationships.
Example: A real legal case in Taiwan demonstrated that the appearance of messages as 'read'—indicated by two blue ticks—without any reply was accepted as legal evidence of emotional abandonment. This highlights the severe risk posed by any flaw that leads to false read receipts.
Source: BBC News https://www.bbc.com/news/world-asia-40632435
• Policy Breach:
This flaw directly contradicts WhatsApp’s stated privacy policies, which guarantee user control over read receipt visibility and message interaction privacy. Furthermore, such a violation may constitute a breach of data protection laws, including the General Data Protection Regulation (GDPR) in the European Union, which mandates explicit user consent and transparency regarding data processing.
Similarly, under U.S. privacy laws such as the California Consumer Privacy Act (CCPA), users have the right to know, control, and restrict how their personal data is accessed and used. Failing to uphold these standards could expose the platform to regulatory scrutiny and potential penalties.
✅ Nothing Is More Important Than People’s Lives:
The goal of discovering vulnerabilities is not only to protect systems or improve software but to protect people first — especially when privacy flaws impact relationships, decisions, emotions, and everyday life.
Why This Point Is Crucial:
This vulnerability affects people’s lives, not just the code:
It does not merely break the technical system; it breaks trust between individuals.
It generates false behavior (messages shown as read even when they haven’t been), which leads to:
• False accusations
• Marital problems
• Family conflicts
• Workplace tensions
• And even crimes or violence in sensitive contexts.
Finally:
This vulnerability transcends typical security flaws because it disrupts the fundamental trust and privacy that users expect from their communication tools.
Addressing it is not just a matter of fixing code — it is a matter of safeguarding human dignity and social harmony. Its consequences reach far beyond technology, threatening real-world relationships and well-being.
As an independent researcher, my intention is to promote trust, transparency, and user protection. I respectfully urge that this issue be addressed with urgency and transparency.
๐งช Steps to Reproduce (Proof of Concept):
Technical documentation was submitted to Meta.
๐ฅ Supporting Material:
The vulnerability report, including demonstrative video evidence, was submitted to Meta.
๐ฑ๐ฒ Video Demonstration Overview
The video illustrates both the underlying logic flaw and a realistic use-case scenario, with a complete end-to-end reproduction performed on the latest official version of WhatsApp across both devices.
The vulnerability report, including demonstrative video evidence, was submitted to Meta.
๐ฑ๐ฒ Video Demonstration Overview
The video illustrates both the underlying logic flaw and a realistic use-case scenario, with a complete end-to-end reproduction performed on the latest official version of WhatsApp across both devices.๐น First 10 minutes:
- The recipient’s WhatsApp account has the “Read Receipts” feature disabled.
- The recipient does not open any incoming messages.
- Despite this, the sender’s WhatsApp falsely displays blue ticks, indicating that the messages have been read.
๐น Final minute:
- The recipient finally opens the messages, while “Read Receipts” remain disabled.
- The blue ticks still appear — confirming the logic flaw and privacy setting bypass.
⚠️ Critical Medical Scenario Depicted
The video simulates a real-world medical emergency involving urgent communication between an emergency physician and an off-site cardiologist:
- The physician sends updates about a 45-year-old male presenting with anterior STEMI symptoms.
- ECG scans, chest images, and lab tests are shared for immediate expert advice.
- The patient becomes hemodynamically unstable (BP drops to 80/50 mmHg).
- The physician sees blue ticks and assumes the cardiologist has read the messages.
- In reality, the cardiologist never opened the messages — and no reply is received in time.
- The patient goes into cardiac arrest and unfortunately passes away.
- The physician later informs the cardiologist that medical decisions were based on the assumption that the messages had been seen — due to the misleading blue ticks.
Aiman Al-hadhrami — Independent Cybersecurity Researcher
Sunday, March 29, 2020
Vulnerabilities in Ruckus Network Products
Overview
Researcher Security Advisory
Unauthorized Firmware Image Upgrade and Other Vulnerabilities in CommScope Products Discovered by Independent Researcher Aiman Al-Hadhrami, Student at UST, Sana'a, Yemen
Description
Multiple critical vulnerabilities have been discovered by independent security researcher Aiman Yahya Al-Hadhrami from the Republic of Yemen, a student at the University of Science and Technology, Sana'a. These vulnerabilities affect CommScope and Ruckus products.
The discovered issues include flaws in the Secure Boot (rfwd) mechanism and the Web GUI interface, which allow a remote attacker to bypass authentication and perform firmware upgrades using unauthorized images.
A total of 10 CVEs have been identified, with Base Scores indicating Critical Impact:
CVE-2020-22653 Base Score: 9.8 CRITICALFull device compromise: Exploits official image signature for unauthorized firmware injection and digital signature bypass.
CVE-2020-22654 Base Score: 9.8 CRITICAL
Unauthorized firmware execution: Bypasses firmware verification signature despite failed MD5 checksum.
CVE-2020-22655 Base Score: 7.5 HIGH
Persistent backdoors: Persistently writes unauthorized firmware images.
CVE-2020-22656 Base Score: 7.5 HIGH
Secure Boot bypass: Forces Secure Boot into failed attempts state (rfwd).
CVE-2020-22657 Base Score: 9.1 CRITICAL
Unauthorized management access: Bypasses Web GUI login authentication.
CVE-2020-22658 Base Score: 9.8 CRITICAL
Complete firmware takeover: Switches to unauthorized image as primary verified image.
CVE-2020-22659 Base Score: 7.5 HIGH
Firmware spoofing: Forces injection of unauthorized firmware signature.
CVE-2020-22660 Base Score: 7.5 HIGH
Unauthorized operation: Bypasses Secure Boot to run backup image.
CVE-2020-22661 Base Score: 6.5 MEDIUM
Loss of trusted backup: Erases and replaces secondary backup firmware.
CVE-2020-22662 Base Score: 7.5 HIGH
Regulatory violations, network interference: Enables illegal region codes and frequencies via command injection; creates excessive SSID interfaces.
Impact/risk
° The attacker can gain access to anywhere from thousands to millions of devices worldwide by exploiting a security vulnerability that allows them to identify these devices and their IP addresses. These devices send signals to the manufacturer, which the attacker can intercept to locate and target them. Once access is obtained, the attacker can implant modified firmware containing malicious commands to carry out cyberattacks. This firmware may also include spyware or data-stealing malware for espionage purposes. Additionally, the attacker may use these compromised devices as part of a botnet to launch DDoS attacks, overwhelming target systems with traffic.
° The vulnerabilities affected multiple devices, servers, and systems used in various sectors, including government offices, hotels, companies, and hospitals around the world.
° Full Remote Compromise: Devices can be fully and remotely controlled by an attacker.
° Illegal RF Operation: An attacker can configure the device to operate on illegal frequencies with unrestricted output power, violating air interface regulations, including FCC rules: 594280 D01, 594280 D02, and 442812 D01.
° Persistent Backdoors: An attacker can establish persistent backdoors for various malicious purposes.
° Image Spoofing: Attackers can trick customers into believing that devices are running official firmware, while in reality, they may be running unauthorized images embedded with harmful backdoors.
° Update Blocking: Future software updates can be permanently blocked by the attacker, preventing any remediation.
° Wide Coverage: These vulnerabilities affect all product models and all software versions released from 2014 up to the latest releases in 2020.
Affected Products
Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200
10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151,
The following table outlines the vulnerable Ruckus products, the affected software versions, and the recommended mitigation actions:
Solution
- Ruckus has released patches for some products and is in the process of developing and releasing software fixes for all affected products. We recommend installing these updates as soon as they become available.
- Ruckus EOL (End-of-Life) Products will not receive fix patches.
Subscribe to:
Posts (Atom)