The old saying that a picture is worth a thousand words has evolved into its 2020 version: a GIF is worth a thousand pictures (and all your private data).
GIFs aren’t a secret anymore; they are everywhere: on your social media, on your message boards, in your chats.
Like anything that is widespread, they can turn malicious in no time, and GIFs just did that! Can a simple Good morning, Happy Birthday, or Merry Christmas GIF message now hack your smartphone?
Cybercriminals are now using a flaw that, if exploited, could compromise an entire phone running Android and steal all your files and chat messages.
The vulnerability, known as CVE-2019-11932, is, in fact, a double-free memory corruption bug that doesn’t reside in the WhatsApp code itself, but in an open-source GIF image parsing library that WhatsApp uses.
How it can be used:
By exploiting it, a hacker can successfully run remote code execution attacks. This works because the payload is executed in the WhatsApp context, which has permission to read the SD card and access the WhatsApp message database, meaning that all your private data can end up in hackers’ hands.
All an attacker needs to do is send a specially crafted malicious GIF file to a targeted Android user and wait for the user to just open the image gallery in WhatsApp.
The nightmare doesn’t stop here: a hacker can also record audio and access your camera and file system, as well as WhatsApp’s sandbox storage, which includes the protected chat database and much other private data.
How it works:
Researchers explain that the vulnerability is not triggered by sending a malicious GIF file to a victim; instead, it is triggered when the victim simply opens the WhatsApp Gallery Picker while trying to send any media file to someone.
This issue affects all WhatsApp versions up to 2.19.230 running on Android 8.1 and 9.0, but does not work for Android 8.0 and below.
The good news is that Facebook, which owns WhatsApp, has already released a security patch for WhatsApp in version 2.19.244.
To protect yourself against any exploit surrounding this vulnerability, you are recommended to update your WhatsApp to the latest version from the Google Play Store as soon as possible.
WhatsApp for iOS is not affected by this vulnerability.
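The version and platform boundaries stated above can be turned into a triage check for a device inventory. This is an added example, not code from WhatsApp or the researchers; the function names, the verdict strings and the inventory records are constructed for illustration.

```python
import re

LAST_AFFECTED = (2, 19, 230)            # article: affects versions up to 2.19.230
FIRST_PATCHED = (2, 19, 244)            # article: fix released in 2.19.244
EXPLOITABLE_ANDROID = {(8, 1), (9, 0)}  # article: works on Android 8.1 and 9.0


def parse_version(text, parts):
    """Turn '2.19.230' into (2, 19, 230), padding missing parts with 0."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in text.split(".")][:parts]
    return tuple(nums + [0] * (parts - len(nums)))


def triage(platform, os_version, whatsapp_version):
    """Classify one device against the boundaries stated in the article."""
    if platform.lower() == "ios":
        return "not affected"           # article: WhatsApp for iOS is not affected
    try:
        app = parse_version(whatsapp_version, 3)
        android = parse_version(os_version, 2)
    except ValueError:
        return "unknown - check manually"
    if app >= FIRST_PATCHED:
        return "patched"
    if app <= LAST_AFFECTED and android in EXPLOITABLE_ANDROID:
        return "vulnerable - update now"
    # Either a build between 2.19.230 and 2.19.244 or an Android release the
    # article does not list as exploitable: no statement, so update anyway.
    return "update recommended"


INVENTORY = [  # constructed sample records: (platform, OS version, WhatsApp version)
    ("android", "9", "2.19.230"),
    ("android", "8.1", "2.19.244"),
    ("android", "8.0", "2.19.216"),
    ("android", "9.0", "2.19.235"),
    ("ios", "13.1", "2.19.92"),
    ("android", "9", "beta"),
]

if __name__ == "__main__":
    for row in INVENTORY:
        print(row, "->", triage(*row))
```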