WhatsApp Bug Allowed Hackers To Hijack Chat Sessions With Gifs
You probably don’t think twice before sending a nice little looping image to a friend on WhatsApp. But the next gif you send could cause you terrible pain and anguish.
WhatsApp has patched a critical security loophole that left your private messages and media vulnerable to breaches. The bug allowed attackers to remotely access your phone’s storage and all the files it hosts including your WhatsApp texts, pictures, videos, GIFs, and audio messages.
In this case, as described by the researcher “Awakened” who found the issue, all it took to trigger the vulnerability and perform a Remote Code Execution (RCE) attack was the creation of a malicious GIF file.
According to the researcher’s technical writeup on GitHub, the bug can be triggered in two ways. The first, which leads to local privilege escalation, requires a malicious application to already be installed on a target Android device. The app then generates a malicious GIF file used to steal files from WhatsApp through the collection of library data.
When the WhatsApp user downloads the GIF on their Android phone and then opens it again within the gallery on WhatsApp, the code also allows a ‘remote code execution’ attack runs on the phone allowing the hacker to gain access to the WhatsApp user’s Android phone. This has been discovered by a security researcher called Awakened, a self-described technologist and an information security enthusiast. “WhatsApp users, please do update to latest WhatsApp version (2.19.244 or above) to stay safe from this bug,” the post says.
“Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. WhatsApp users, please do update to latest WhatsApp version (2.19.244 or above) to get rid of this bug,” the researcher urged users in his blog post.
Earlier this year, the Financial Times reported a vulnerability in the messaging app allowed attackers to slip in spyware on users’ devices. WhatsApp rushed to fix the issue, but did not clarify how many users were affected by this loophole.
Below is the Video of the exploit in action.