Key Takeaways
- WhatsApp has adopted Rust as a new layer of security to harden defenses against malware threats
- The company has rolled out a Rust-based media consistency library to billions of devices and browsers
- Rust is a memory-safe language that offers numerous security benefits and has been used to replace 160,000 lines of C++ code
- WhatsApp’s experience with Rust has shown performance and runtime memory usage advantages over C++
- The company plans to accelerate the adoption of Rust to enhance security and reduce the risk of memory safety issues
Introduction to WhatsApp’s Security Efforts
WhatsApp has taken a significant step forward in enhancing the security of its platform by adopting Rust as a new layer of security. The company has rolled out a Rust-based media consistency library to billions of devices and browsers, providing an additional layer of protection against malware threats. This move is part of WhatsApp’s ongoing effort to harden its defenses against cyber-security threats and ensure that users can message securely. With over 3 billion people using WhatsApp to message securely every day, the company recognizes the importance of staying ahead of potential threats and evolving its strategy to protect users.
The Importance of Media Handling
WhatsApp allows users to share media and other types of documents, which can potentially pose a security risk if not handled properly. The company helps protect users by warning about dangerous attachments like APKs, but rare and sophisticated malware could be hidden within a seemingly benign file like an image or video. To mitigate this risk, WhatsApp is increasingly using the Rust programming language, including in its media sharing functionality. Rust is a memory-safe language that offers numerous security benefits, and WhatsApp believes that this is the largest rollout globally of any library written in Rust.
A Wake-Up Call for Media File Protections
In 2015, Android devices and applications became vulnerable to the "Stagefright" vulnerability, which highlighted the need for WhatsApp to harden its media-sharing defenses. The bug lay in the processing of media files by operating system-provided libraries, and WhatsApp realized that it needed to find solutions to keep users safe, even in the event of an operating system vulnerability. The company modified its cross-platform C++ library to detect files that do not adhere to the MP4 standard and might trigger bugs in a vulnerable OS library on the receiver side. However, the company identified that media checks run automatically on download and process untrusted inputs, making it a prime candidate for using a memory-safe language like Rust.
The Solution: Rust at Scale
WhatsApp developed the Rust version of its media consistency library in parallel with the original C++ version, using differential fuzzing and extensive integration and unit tests to ensure compatibility between the two implementations. The company replaced 160,000 lines of C++ code with 90,000 lines of Rust code, which showed performance and runtime memory usage advantages over the C++ version. The Rust version has been fully rolled out to all WhatsApp users and many platforms, including Android, iOS, Mac, Web, Wearables, and more. This success has demonstrated the production-readiness and unique value proposition of Rust on the client-side.
WhatsApp’s Approach to App Security
WhatsApp’s adoption of Rust is just one example of the company’s many investments in security. The company has built default end-to-end encryption for personal messages and calls, offers end-to-end encrypted backups, and uses key transparency technology to verify a secure connection. WhatsApp also reports CVEs for important issues it finds in its applications, even if it does not find evidence of exploitation, to give users the best chance of protecting themselves. The company’s approach to app security involves identifying and quantifying sources of risk, reducing identified risk, and investing in security assurance for C and C++ code.
The Role of Rust in WhatsApp’s Security Strategy
Rust has enabled WhatsApp’s security team to develop a secure, high-performance, cross-platform library to ensure media shared on the platform is consistent and safe across devices. This is an important step forward in adding additional security behind the scenes for users and part of the company’s ongoing defense-in-depth approach. WhatsApp plans to accelerate the adoption of Rust to enhance security and reduce the risk of memory safety issues. The company’s experience with Rust has shown that it is a valuable tool in the fight against malware threats and will play an increasingly important role in WhatsApp’s overall approach to application and user security.
Conclusion
In conclusion, WhatsApp’s adoption of Rust as a new layer of security is a significant step forward in enhancing the security of its platform. The company’s experience with Rust has shown that it is a production-ready language that offers numerous security benefits and can be used to replace C++ code. WhatsApp’s approach to app security involves identifying and quantifying sources of risk, reducing identified risk, and investing in security assurance for C and C++ code. The company’s plans to accelerate the adoption of Rust will help to further enhance the security of its platform and protect users from malware threats. As the largest ever deployment of Rust code to a diverse set of end-user platforms and products, WhatsApp’s experience with Rust serves as a model for other companies looking to enhance the security of their own platforms.
