WhatsApp Deploys Rust-Based Media Parser to Block Malware on 3 Billion Devices
Summary
WhatsApp's engineering team has rewritten its media handling library, "wamedia," in Rust, reducing the codebase from 160,000 lines of C++ to 90,000 lines. This Rust-based parser, deployed on 3 billion devices including phones, desktops, and web browsers, enhances memory safety and security, directly addressing vulnerabilities like the 2015 Stagefright exploit. The new system, dubbed "Kaleidoscope," extends beyond basic format validation to detect suspicious patterns such as embedded files in PDFs or disguised executables. This initiative, which involved extensive differential fuzzing and integration testing, also yielded performance gains and reduced memory usage, despite initial binary size challenges mitigated by build system optimizations using Buck2. Meta plans to accelerate Rust adoption across its other platforms, mirroring a broader industry trend seen at Google and Microsoft.
Key takeaway
For CTOs and VP of Engineering evaluating language choices for critical infrastructure, WhatsApp's successful Rust deployment on billions of devices underscores Rust's value in mitigating memory safety vulnerabilities and improving performance. You should consider Rust for new development, especially for components processing untrusted data, and invest in robust testing and build optimization tools to manage the transition and deployment at scale.
Key insights
Rewriting critical C++ components in Rust significantly enhances security and performance at scale.
Principles
- Prioritize memory-safe languages for untrusted data processing.
- Employ differential fuzzing for compatibility during rewrites.
- Optimize build systems to manage binary size overhead.
Method
WhatsApp implemented a full rewrite of its C++ media handling library in Rust, running both versions concurrently with differential fuzzing and integration testing to ensure compatibility and validate improvements before full transition.
In practice
- Adopt Rust for new code handling untrusted inputs.
- Invest in build system optimizations for mobile deployments.
- Implement multi-layered security checks beyond format validation.
Topics
- Rust Programming
- Memory Safety
- Malware Protection
- Client-Side Security
- Media Parsers
Best for: CTO, VP of Engineering/Data, Software Engineer, Security Engineer, Research Scientist
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by InfoQ.