You probably don’t think twice before sending a nice little looping image to a friend on WhatsApp.
But the next gif you send could cause you terrible pain and anguish.
Security researchers have discovered a nasty bug which lets hackers attack innocent victims.
The ‘exploit’ can be hidden inside a gif.
Once a victim downloads the graphic, it will lurk on their phone until they decide to send it.
When they open the WhatsApp gallery and try to send it to someone, the hidden payload will strike.
A victim doesn’t even need to open the file to fall victim to it.
Lurking inside the gif is code which allows hackers to read a victim’s private messages.
The code also allows a ‘remote code execution’ attack, which means a hacker can access your phone’s system.
Once they’ve cracked in to a phone, crooks might look for sensitive information, install malicious software or even quietly hijack the device to infect other targets.
Luckily, the bug was discovered by a ‘technologist and security enthusiast’ using the pseudonym Awakened, who posted it to Github.
They also alerted WhatsApp, who fixed the bug in a new release of the software, and wrote: ‘WhatsApp users, please do update to latest WhatsApp version (2.19.244 or above) to stay safe from this bug.’
The scariest aspect of the exploit is that it doesn’t even need to be opened to strike.
Awakened added: ‘Take note that the user does not have to send anything because just opening the WhatsApp Gallery will trigger the bug.
‘No additional touch after pressing WhatsApp Gallery is necessary.’
The glitch affects Android devices, so Apple iPhone owners are safe from it.
Source: Read Full Article