An unusual security issue has been identified in WhatsApp. A security research named Awakened, recently discovered that hackers were able to access the users files through malicious GIFs. The bug allows hackers to view files and chats of the attacked device.
It is a malware that is activated only when the user opens that particular created GIF. It is named as “Double-free Vulnerability”.
What is a Double-free Vulnerability?
When a program calls free twice with the same argument, the program’s memory management data structures become corrupted and could allow a malicious user to write values in arbitrary memory spaces. Basically it creates space for the hackers to initiate their illegal activities. This corruption anomaly can crash an app, or worse. The hackers need not to do anything, they just have to sit and wait for the user to open that GIF.
It is that the malware works well with phones and devices running on Android 8.1 and Android 9, though is less effective with older versions of Android operating system. In older versions of Android, double-free can still be activated, but before reaching to the point from where it can control the device’s data, the app crashes.
According to the research, the issues is with WhatsApp‘s Gallery view implementation, which generates previews for images, videos, and GIFs.
Malware history with WhatsApp:
In February this year, The Financial Times reported that there is a bug in WhatsApp, that allows hackers to slip in a virus that can gain access to all the files and folders in the device. The bug was immediately fixed by WhatsApp. But the number of affected users is still not identified.
Recently a kink was found in WhatsApp, that made way for hackers to maliciously send messages through the device. And now the Double Vulnerability free malware, though the number of affected users is not clear yet.
But, Facebook owned WhatsApp denies these claims, saying that the virus has not affect any users yet and cannot affect in future also. According to WhatsApp, the malware only affects the user on sender side, that means it can only affect if the user takes any action with that specific GIF. The bug would impact their own device. And this bug has been fixed by WhatsApp last month.
So for now the bug has been fixed by WhatsApp and a new updated version has also been released (WhatsApp version 2.19.244). If you have not updated yet, download the latest update as soon as possible.
For more updates related to technology stay tuned with Tech 100.