WhatsApp Bug: Hackers Stealing Pvt Messages, Files With GIFs

Have you updated to the latest version of WhatsApp? Because the older version of the messaging app you are using may not be safe. Latest reports suggest that the Facebook-owned privacy-oriented messenger might put your private documents, files and messages at risk.

According to a recent report of a researcher, nicknamed ‘Awakened’, attackers are accessing private documents, files and messages of the WhatsApp users by using malicious GIFs. The anonymous researcher detected that the danger, stems from the double-free bug in the messaging app.

Double-free vulnerability refers to the memory corruption anomaly which can crash the app or in the worse scenario- open an exploit vector. This way, the attackers/hackers can obtain access to the user’s device.

The attackers design a malicious GIF and wait till the user opens the WhatsApp gallery.

The anonymous researcher explained the entire thing in a technical write-up published in GitHub. The write-up explained that the flaw is present in WhatsApp’s gallery view implementation which is used for generating previews of images, videos and GIFs.

Android users are in high-threat alert as the exploit will affect Android devices. The researcher writes, “The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below.”

Further, the writer added, “In the older Android versions, double-free could still be triggered. However, […] the app just crashes before reaching to the point that we could control the PC register.”

On the go, the researcher has informed Facebook of the increasing privacy threat and the tech-giant has reportedly fixed the issue. The researcher has advised the users to download the latest version of WhatsApp to stay protected from the exploitation and privacy-threat.

In his blog post, the researcher urged the app users, “Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. WhatsApp users, please do update to latest WhatsApp version (2.19.244 or above) to get rid of this bug.”

Probably, this is for the first time the messaging app has dealt with potentially harmful flaws in its software.

Earlier this year, the Financial Times had reported a vulnerability in the messaging app which allowed the attackers to slip in spyware of the users’ devices. Soon after the report published, WhatsApp immediately took initiatives to fix the issue. But, in the row, the company didn’t clarify how many users were affected.

Recently, the researchers had found a kink in WhatsApp which made it possible for the attackers to manipulate or spoof messages. However, it is still unclear whether the attackers were able to exploit the double-free vulnerability in the wild or not.