Is the WhatsApp under attack by GIFs?

Is the WhatsApp under attack by GIFs? 

Horace C. White 

Modern Tokyo Times

WhatsApp chats are vulnerable to malicious GIF – Expert Warns

Instant messaging services (IMS) enable users to seamlessly connect with friends, family members and colleagues. With such services, a user can send a very important message to another, and the message is delivered at the drop of a hat regardless of the geographic distance between them. Given that those messages are delivered in microseconds, and are fee-less, IMS is becoming more and more popular around the world. At the last count, WhatsApp Messenger, an IMS owned by the world’s most popular social media platform Facebook, is the most popular messaging platform with over 1.5 billion users from around the globe. People connect and interact with loved ones on-the-go. In other words, it helps them keep in touch in more ways than one. Well, people share very sensitive information because they believe that the network is secure – little did they know that they are not entirely accurate.

Details of WhatsApp Vulnerability

Awakened, a cybersecurity researcher has discovered that WhatsApp is vulnerable to harmful GIFs (i.e., Graphic Interchange Formats), which is capable of compromising the app’s files, messages, and user chat sessions. If you are using an Android smartphone, for example, you probably have the messaging app running on your smartphone without realizing it – meaning that you could potentially become the victim of this malicious GIF file. Referred to as CVE-2019-11932, this bug, the researcher says, is likely to be found around the WhatsApp for all versions below 2.19.244. Put simply, you should be on the lookout for this malicious file if your WhatsApp version falls within this version category. Awakened also noted that the harmful file is a double-free bug, which usually happens whenever the free() parameter is called two times on the same value.

Well, when this error is triggered, it has some far-reaching implications. Firstly, it could culminate memory leaks, corrupting the entire device’s memory. In turn, a hacker could gain unauthorized access to one’s mobile phone and overwrite various coding elements. On top of that, cybercriminals may execute arbitrary codes. In clearer terms, masked cyberattackers could show fake information on your mobile phone, overwriting genuine information on your mobile device. Just before Awakened went public with its announcement, the IT guru conducted a simple study to better grasp how the bug reacts to certain actions. Upon successfully creating the GIF file, he realized that he could trigger the vulnerability of the software to launch a remote code execution (RCE) attack.

Bug Technicality and User Safety

Giving a further explanation on GitHub, Awakened pointed out that there are two ways of triggering the malicious file. The first method is to install a harmful app on any Android device. When the app is now running on the device, it will then create a GIF file. When the GIF files are created, they can attack WhatsApp and smartly pilfer come files from the IMS app by making away with the library data

Another method the cyberattack could take place is when a smartphone user exposes his device to a harmful GIF payload in WhatsApp. This unsuspecting exposure could happen as an attachment or by other means. Upon alerting Facebook of this vulnerability, the cybersecurity researcher advised the IT firm to patch WhatsApp versions 2.19.244 and lower. In precise terms, Awakened strongly believes that patching the messaging app is safe at press time. Thus, this will problem-solve any vulnerability of the WhatsApp being under attack by GIFs.

Modern Tokyo News is part of the Modern Tokyo Times group

DONATIONS to SUPPORT MODERN TOKYO TIMES – please pay PayPal and DONATE to Modern Tokyo Times – International News and Japan News – Sawako Utsumi personal website and Modern Tokyo Times artist Modern Tokyo News – Tokyo News and International News