Solved

Wants to block send Chats message/Text for WhatsApp Cloud App

  • 28 March 2023
  • 7 replies
  • 124 views

Badge +4

Hello Everyone, 

 

I am trying to block the upload and send chats for WhatsApp Cloud App. 

I have created the  cloud app policy for WhatsApp and selected the activity "upload" and set the action "block",

when we tried to upload any file it gets blocked but we are not able to block send chats for same it is still allowing.

I have also tried by creating "Chat, IM & other Communication" category and selected the activity upload, and set the action "block" but it did not worked as well.

 

Please help on how we can block the send Chats for WhatsApp web.

 

icon

Best answer by qyost 31 March 2023, 15:40

View original

7 replies

Userlevel 5
Badge +16

What activities are you seeing in SkopeIT or Analytics when a user does send a message?  I suspect it may be something more along the lines of Post or FormPost.

Userlevel 6
Badge +16

Hello, 

 

Unfortunately (from an enterprise perspective) Whatsapp uses end to end encryption for it's messaging service:

https://faq.whatsapp.com/820124435853543

 

"WhatsApp's end-to-end encryption is used when you chat with another person using WhatsApp Messenger. End-to-end encryption ensures only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp"

For blocking messaging, you'd likely have to block Whatsapp itself.  I have had some success with blocking uploads to Whatsapp in the past but I would have to test again.  

Userlevel 5
Badge +16

Doesn't their end-to-end encryption just mean that the datagram submitted as part of the https transaction is encrypted separately prior to being sent?   Netskope should still be able to see the https action unless the webapp is cert-pinned and has to have a SSL decryption exception.   But being able to act on upload/download doesn't sound like that is the case.

Userlevel 6
Badge +16

@qyost I was doing some HAR captures earlier and it looks like they use a web socket to send messages and set up the actual session (at least in the desktop mode).  In a HAR capture the message doesn't even show up which leads me to believe they send it over the already open web socket.   My initial testing showed that I could block this web socket session but that broke the entire application.  I am going to try to dig deeper into it.  The upload and download use a separate endpoint that starts with a post to a blob then a call to the Whatsapp CDN.  We can block this call as well but I wanted to test further to see if the blob upload succeeds prior to that call which is my suspicion.  

Whatsapp provides details in a security overview here which I believe is what I'm observing.  


Userlevel 5
Badge +16

Awesome stuff.   It's blocked in my environment, so I didn't have anything to look at or test.  Thanks for the detailed breakdown.

 

Badge +4

Hello @sshiflett & @qyost, Thank you very much!!

 

@qyost  can you explain me in a brief, how you blocked the WhatsApp send chats in your environment. means what policy you created to block the same.

 

 

 

Userlevel 5
Badge +16

My case is simple.   I have two policies that enforce controls on the "Chat, IM, & other communication" category, then an app policy above to permit the corporate chat app.  We'll start at the bottom of the policy and work our way up. 

  1. Block by default
  2. Allow authorized users to access Chat/IM as an exception
  3. Allow access to corporate Chat/IM resources as Apps

(Screenshots edited for confidentiality)

Reply