Keeping software and applications up to date is a very important security habit. Recent evidence comes from this case: an expert who identifies himself as Awakened found a flaw in WhatsApp that allows Android smartphones to be compromised through a GIF.
It all starts with sending a GIF file crafted to exploit the vulnerability in question. This image can be sent through any channel, for example WhatsApp's document sharing function.
The important thing is that the file is saved on the phone. If the attacker (or a friend with a previously compromised cell phone, for example) is on the user’s contact list, this file will be downloaded automatically. Then, when the victim opens the image gallery from WhatsApp, the flaw will be exploited, even if the GIF is not selected.
This is because the application generates a preview of the content when the gallery is opened and, in the case of GIFs, invokes a library named libpl_droidsonroids_gif.so to do so. The flaw is in that component.
When exploited, the vulnerability can corrupt memory contents. What happens next depends on the attacker’s intentions. Applications may stop working correctly, or the device’s content can be accessed remotely by third parties, for example.
Apparently, the flaw can be exploited only on smartphones running Android 8.1 and 9.0. The good news is that the vulnerability has been fixed as of WhatsApp version 2.19.244, released in early September.
In a note, Facebook acknowledged the bug, but said the problem was resolved quickly, so “it has no reason to believe that the vulnerability has affected users”.
Awakened explained the flaw in detail on this page on GitHub.
With information from The Next Web.