
A simple GIF is all it takes to hack your WhatsApp

The popular messaging platform WhatsApp was recently affected by a severe security flaw that let hackers hijack people’s phones by simply sending them a GIF. The company has fixed the security bug, which was triggered by a malicious GIF. The vulnerability was discovered by a Singapore-based security researcher.

The security enthusiast ‘Awakened’ has posted the details of the vulnerability on GitHub. The description suggests that hackers could penetrate the security of someone’s phone by simply sending them a malicious GIF file. The file should be sent as a document and not as a media file. Once the corrupted GIF is received, the bug is triggered through WhatsApp’s Gallery folder.

The GIF file has to be sent as a document and not as a media file. Once the user opens the corrupted GIF, the bug is triggered through the Gallery folder. The researcher also notes that opening the WhatsApp Gallery to send images or video is enough to trigger the bug. Even if the user doesn’t send any file, the bug is triggered, giving the hackers remote access. The Gallery folder shows previews of images, videos, and GIFs received on the app. WhatsApp automatically downloads and previews malicious GIFs, so the bug is triggered automatically.

The bug worked well on smartphones running Android 8.1 and Android 9. On devices running Android versions below 8.0, the bug fails to register. A WhatsApp spokesperson said, “The key point that the [vulnerability disclosure] makes is that this issue affects the user on the sender side, meaning the issue could in theory occur when the user takes action to send a GIF. The issue would impact their own device. It was reported and quickly addressed last month.”

The exploit affects all WhatsApp versions up to 2.19.230. The Facebook-owned platform has fixed the bug in v2.19.244.
