Black Hat Asia 2026 Speaker Spotlight - Tal Be'ery

Tal Be'ery returned to Black Hat Asia 2026 to spotlight a growing crisis: billions of WhatsApp users are exposed to newly uncovered flaws that allow strangers to hijack their devices. Leveraging the conference’s blend of cutting‑edge research and Singapore’s relaxed vibe, he framed the issue around the staggering figure of 3.5 billion potential victims, underscoring why WhatsApp security matters to anyone with a smartphone.

The talk detailed three core findings. First, the researchers identified multiple zero‑day vulnerabilities that permit remote code execution without user interaction. Second, they demonstrated fresh attack techniques—such as crafted message payloads and metadata manipulation—that let adversaries impersonate contacts and inject malicious code. Finally, they unveiled a suite of custom tools that automate exploitation at scale, proving the feasibility of mass‑targeted campaigns.

Be'ery highlighted a striking example: a forged group‑chat invitation that, when opened, silently installed a backdoor on the victim’s device, effectively turning “3.5 billion strangers” into potential attackers. He also quoted the conference’s mantra, “security is a shared responsibility,” and walked through live demos showing how the flaws bypass WhatsApp’s end‑to‑end encryption.

The implications are immediate. Enterprises that rely on WhatsApp for customer communication must prioritize patch deployment and harden endpoint defenses. Users need to stay vigilant, apply updates promptly, and consider alternative secure channels for sensitive exchanges. As the platform underpins personal and business interactions worldwide, mitigating these vulnerabilities is critical to preserving trust and preventing large‑scale data breaches.