search cancel

Blocking file transfer via Whatsapp thin client

book

Article ID: 255060

calendar_today

Updated On:

Products

CASB Gateway Advanced

Issue/Introduction

WhatsApp offers the ability to transfer files via the SaaS application (File upload/download). this article goes through the use case where the customer would like to have some level of visibility and control over the application.
 
 

Environment

> Cloudsoc Tenant to have the Gatelet license including the "custom Gatelets".

Cause

WhatsApp has two different types of clients:

1- WhatsApp thick client (Desktop client):  is built with the End-to-End encryption capability, which prevents any intermediary device to terminate the traffic for inspection. this was achieved by avoid the use of the Certificate trust stores on the end point and by hard coding it on the application. for this reason the thick client is not supported by Cloudsoc Gatelet. 

2- WhatsApp thin client (On browser): this client relies on the browser for the SSL Trust, thus it can be controlled and it can be sanctioned in both of the supported deployments (Proxy Chaining or WSS Agent). this article covers this use case.

 

 

Resolution

1- Define a custom Gatelet with the WhatsApp URL's

2- Define a Cloudsoc Policy (Access Enforcement Policy):

3- Wait for WSS to Sync the new Gatelet (WSS Portal)

 

4- Login to WhatsApp on the browser (Web App) and Generate some file transfer traffic to WhatsApp by uploading or downloading files

5- observe the new events on Investigate (Expected: to populate new events of the custom Gatelet)

6- Verify the details of the policy violation events

7- This works with both the proxy forwarding or the WSS Agent deployment

 

Attachments