GIFs Shared On Whatsapp Can Steal Your Files, Pictures & Videos: This Is How You Can Avoid This
You should strongly consider updating your Whatsapp right now as a disastrous bug found in this application. Which can lead all the messages and files present on your mobile to a security risk.
It’s so nasty that it can get access to your files and messages that too by just using some malicious GIFs.
How Can You Be at Risk?
According to a researcher known as nickname Awakened, the problem is caused by a double-free bug in this Facebook-owned privacy-oriented messenger.
A double-free vulnerability is a memory corruption anomaly, it’s so destructive that it can even cause a crash of an application. The worst case would be, It can open an exploit vector or in simple words it can provide a way which can be used by hackers to gain access to the device.
The only thing they have to do is, create a malicious GIF and the once user opens the Whatsapp gallery, their work is done.
How Did This Happen?
According to researchers, the WhatsApp gallery view has this flaw which was implemented to show preview for images, videos and GIFs.
This vulnerability affects Android devices primarily. Awakened writes “The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below, In the older Android versions, double-free could still be triggered. However, […] the app just crashes before reaching the point that we could control the PC register,”.
Whatsapp has already fixed the vulnerability when researchers have informed them about it. So to fix the issue, users should download the latest version of whatsapp on their mobiles and install it.
The researchers suggest that “Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. WhatsApp users, please do update to the latest WhatsApp version (2.19.244 or above) to get rid of this bug,”. (Reference awakened)
It Happened Earlier Too
This is not the first that Whatsapp found a potential bug in its application. In July there was a vulnerability reported by Symantec too.
They had conducted a research which showed that apps like WhatsApp and Telegram and the media files saved on smartphones would easily fall prey to malicious programs into modifying them even before the users get to the original documents.
It also believed that there was a possibility of a new security flaw known as Media File Jacking.
Symantec, the cybersecurity company, also noted that this affects WhatsApp for Android by default. You can read the full story here.
This scenario reminds me of the quote by Chief Security Officer, Fastly, Window Snyder “ One single vulnerability is all an attacker needs,”.