DIGITAL LIFE
Hackers hack into WhatsApp using only one GIF
Like many other systems, WhatsApp is not perfect when it comes to security. Some cases where system vulnerabilities have been used by hackers make this clear. Now a new flaw has been discovered that may affect users of the Android version of the app who have not yet upgraded.
The vulnerability allows an attacker to use a GIF format image file to access all user content. The bug was identified and shared by Awakened 'techie and information security enthusiast' on the Github forum with a detailed explanation of how it works.
It's a complex process, but essentially the bug depends on the attacker sending a malicious GIF file to the victim's device using any channel - it could be WhatsApp, email or some other means of messaging.
With GIF on the device, when the victim opens the WhatsApp gallery to upload any image - not necessarily it - the vulnerability is triggered and the device and its content become susceptible to intrusion and information theft.
"WhatsApp users," Awakened warns in his post, "upgrade to the latest version of the application (2.19.244 or higher) to be safe from this vulnerability."
Still according to Awakened, the vulnerability is restricted to Android devices. "The bug works fine on Android 8.1 and 9.0, but it doesn't work on Android 8.0 and later. In older versions of the system, the dual release could still be triggered. However, the app crashes before we could reach the point where we could. control PC registry ".
From the technical point of view, the attack performs a process called double release, in which the device can be affected in different ways, either by crashing the application or accessing different files present on the device.
In a statement to The Next Web, WhatsApp stated that there were no reports of users affected by the vulnerability and that "this issue affects the user on the sender side, which means that theoretically the problem could occur when the user performs a action to send a GIF. The issue would involve your own device. "
Awakened, in turn, commented on the app's statement and said the "statement is not correct. The spokesman must have misunderstood the issue." What he means is that while there is some action on the victim's side, if the attacker were able to deploy the image to the device - through any channel - the vulnerability could be exploited.
WhatsApp also reported that the bug "was reported and resolved quickly last month. We have no reason to believe that this has affected any users, although obviously we are always working to provide the latest security features."
While the vulnerability seems to affect only Android devices, the advice to update the app is for everyone. When a vulnerability hits the public, it is always possible to exploit it - attackers are aware that many users do not update their applications as often as they should.
Source: Forbes
No comments:
Post a Comment