WhatsApp flaw: Android phones can be hacked with GIFs

A new security glitch has been detected in WhatsApp that can allow hackers to hijack a phone just by sending GIFs containing malicious code.

A security researcher who goes by the moniker Awakened has written an explainer on a double-free vulnerability in WhatsApp on his personal GitHub blog.

For the uninitiated, the double-free vulnerability is a memory corruption flaw in WhatsApp's Gallery view implementation. WhatsApp usually creates a preview of images before the actual photo is presented to the user when he or she enters the gallery section; but, due to the lack of a proper security layer, those photos can be illegally retrieved by a hacker.

For instance, if a user receives a GIF laced with malicious code on the Facebook-owned messenger app, it will initially remain inactive. But when the user returns to the WhatsApp Photo Gallery, the bad GIF springs to life and creates a path for hackers to retrieve photos via remote code execution (RCE).

It has come to light that the vulnerability affects Android phones running the 8.1 Oreo and 9.0 Pie OS versions. If Google's Android dashboard is to be believed, both OS versions together account for a little over 25 percent of the total active Android phones. That means millions of mobile users are vulnerable to getting hacked.

Taking note of the severity of the issue, the Facebook-owned company has acknowledged it and released a security patch for WhatsApp. Android phone users are advised to install the latest update (v2.19.244).

To manually download the update, go to the Google Play store, search for WhatsApp and tap on the green 'Update' button.
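A fleet check built on the versions given above, as an added example that is not from the article or from WhatsApp: it flags devices on Android 8.1 or 9.0 that run a WhatsApp build older than 2.19.244. The inventory records, field names and status labels are constructed for illustration, and it assumes every build below 2.19.244 is unpatched.

```python
import re

FIXED_WHATSAPP = (2, 19, 244)          # patched release named in the article
AFFECTED_ANDROID = {(8, 1), (9, 0)}    # 8.1 Oreo and 9.0 Pie, per the article


def parse_version(text, width):
    """Turn 'v2.19.98' or '9' into a zero-padded integer tuple; None if unparseable."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", (text or "").strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0] * width)[:width])


def triage(device):
    """Classify one inventory record as 'exposed', 'outdated', 'patched' or 'unknown'."""
    wa = parse_version(device.get("whatsapp"), 3)
    android = parse_version(device.get("android"), 2)
    if wa is None or android is None:
        return "unknown"            # missing data is flagged, never assumed safe
    # Integer tuples compare numerically: 2.19.98 sorts below 2.19.244,
    # which a plain string comparison would get wrong.
    if wa >= FIXED_WHATSAPP:
        return "patched"
    # Assumption: every build older than the fixed release is unpatched.
    return "exposed" if android in AFFECTED_ANDROID else "outdated"


# Constructed sample inventory (hypothetical device ids and field layout).
INVENTORY = [
    {"id": "phone-01", "android": "9", "whatsapp": "2.19.230"},
    {"id": "phone-02", "android": "8.1.0", "whatsapp": "v2.19.244"},
    {"id": "phone-03", "android": "10", "whatsapp": "2.19.98"},
    {"id": "phone-04", "android": "8.1", "whatsapp": ""},
    {"id": "phone-05", "android": "8.1", "whatsapp": "2.19.98"},
]


def report(inventory):
    """Map each device id to its triage status."""
    return {d["id"]: triage(d) for d in inventory}


if __name__ == "__main__":
    for dev_id, status in report(INVENTORY).items():
        print(f"{dev_id}: {status}")
```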

Tips on how to safeguard your mobile phone from adware and other malicious threats:
1) Whether you have an Android mobile or iOS-based iPhone, always stay updated with the latest software. Both Google and Apple regularly send firmware updates, especially security patches, monthly or on a priority basis whenever they detect threats. So, make sure you install the latest software.
2) Another good practice is to install premium antivirus software, which offers 24x7 protection. Such tools are equipped to detect threats quickly whenever you unknowingly visit a shady website.
3) Never open emails or SMS messages from unknown senders, and never click the URL links they contain.
4) Also, never install apps or software from unfamiliar publishers. 
5) Always download apps from Google Play or Apple App Store only. Never install from any third-party app store.
