A Newly Uncovered WhatsApp Bug Proves That GIFs Are Not So Innocent

How do you like GIFs? If you’re online every single day, you probably cannot imagine your social media or even your text messaging without them. Maybe you use them as memes. Maybe you attach one to your currency transaction when you pay back your friend via some payment app. All in all, GIFs splash some color into our daily routine, so it is clear why they are so popular. However, some GIFs could prove to be problematic, too. This is exactly what happened with the newest WhatsApp bug that was unearthed by a security researcher from Singapore.

Before we go deeper into this issue, perhaps we should shed a light on other problems that WhatsApp experienced over the last year. It is not surprising at all because it is one of the most popular messaging apps in the world with more than a billion users, and so it is a popular target for various cyber attacks. There are also many ways out there to exploit potential WhatsApp bugs and vulnerabilities. For example, back in August, we talked about WhatsApp spyware that can steal important information from your Facebook, Microsoft, Amazon, Google, and Apple accounts. Security experts maintain that most of these vulnerabilities can be taken care of if users update their WhatsApp regularly.

However, WhatsApp bugs aren’t the only instruments for scams to reach vulnerable users. Phishing attacks can also be employed to trick gullible users into revealing their personal information or giving away their money. So, it is clear that WhatsApp and its users are always targeted by cyber crooks, and the latest GIF vulnerability would just provide them with another attack vector. After all, who could ever think that malware spreads via GIF?

Luckily, it doesn’t look like the vulnerability that allowed malware to spread via GIF was exploited by criminals. And WhatsApp has always issued an update that fixes this bug. However, let us tell you more about it in greater detail.

WhatsApp Bug in GIFs

The vulnerability that can virtually turn a GIF into a malware dropper was discovered by Awakened, a security researcher from Singapore. The researcher posted about vulnerability in their blog, and the blog also says that Facebook recognized the vulnerability, and it was already patched in the WhatsApp version 2.19.244. If you happen to use an older version of the app, you should definitely update it immediately. New versions aren’t all about fancy layouts, new design, and functions. It’s also important to update the apps you use due to a number of security concerns.

So, how did this vulnerability enable malware to spread via GIF? Awakened says that with this WhatsApp bug, a cybercriminal could send a corrupted GIF file to the victim through various channels. It could be a random document sent through WhatsApp chats. The corrupted GIF could also be downloaded automatically if the victim has the attacker on the contact list. So now, the corrupted file is already in the user’s gallery. The next time the user opens WhatsApp Gallery to send anything through the app, they will trigger the bug. Awakened also points out that the victim doesn’t even need to send anything. Opening the gallery alone can trigger the infection.

Since it is only a vulnerability that has been patched already, and we haven’t seen any instances of infections using it, it is not that easy to say how it could be employed. Awakened gives some insight, on what could happen if this WhatsApp Bug were to be exploited. The researcher says that the bug can be turned into a Remote Code Execution. Depending on what the attacker might want to do, the bug could allow malware to spread via GIF, and then the criminals could gain access to user’s chat history and other personal information.

The Patch is out

Of course, as we have mentioned already, the WhatsApp bug has already been patched. Your job right now is to make sure that you use the latest version of the application. If you have the automatic update function on, there’s nothing to worry about. On the other hand, you can always check the app’s specifications in your Settings menu, and if you see that the system offers to install a newer version, you might as well want to do that.

Is there anything else you can do to protect your personal information from malicious exploitation? Aside from updates, passwords are also very important when it comes to account security. If you do not feel confident about creating strong passwords on your own, you can employ a password manager to do it for you. While you are at it, you can always create new passwords for all of the other apps you have on your device.

Now, it is also possible to use third-party lock apps to protect WhatsApp from being hacked. Maybe you wouldn’t want to employ yet another application to protect your data, but it’s an option you might want to consider.

Also, let’s not forget about two-factor authentication, too. WhatsApp allows you to turn on this additional layer of authentication, which protects your account from potential hacks and exploitations. With two-factor authentication on, only you would have or receive the token that would allow you to access the account. Although it is possible to crack this type of authentication, it definitely adds another hurdle for the hackers to jump over, and you should turn it on as soon as possible.

All in all, any security specialist would tell you that when a smart hacker wants to crack a system, they can do it no matter how many hurdles you put in their way. However, the chances of getting hacked are way lower when you employ all the potential security measures. Since it is very unlikely that the WhatsApp bug we have discussed will be used to spread malware, you can breathe a sigh of relief. But please stay alert whenever you encounter unfamiliar content or when you receive messages from unknown senders: cyber scam is always just a click away!

December 6, 2019

Leave a Reply