Skip to main content

Your WhatsApp chats were vulnerable to attacks for months due to GIF exploit

WhatsApp has patched a critical security loophole that left your private messages and media vulnerable to breaches. The bug allowed attackers to remotely access your phone’s storage and all the files it hosts including your WhatsApp texts, pictures, videos, GIFs, and audio messages.

In order to exploit the bug, a hacker simply had to send you a malicious payload masquerading as a GIF through any non-Facebook channels or as a document through WhatsApp and Messenger. That is because, on the latter platforms, Facebook’s compression distorts the malware’s content.

Recommended Videos

The vulnerability existed inside a library that WhatsApp (and a whole lot of other apps) uses to preview a GIF. The library’s functions kick in whenever you tap the attach-media button and WhatsApp loads a grid of thumbnails. Therefore, you don’t even need to open the GIF to trigger the fraudulent code. It automatically activates when WhatsApp attempts to show its thumbnail even when you’re looking for another picture, video, or GIF.

Spotted originally by a Vietnamese security researcher, Pham Hong Nhat, the loophole remained unpatched for about three months.

Hong Nhat reported it to Facebook back in late July and the social media giant company rolled out the fix through WhatsApp version 2.19.244 in September. So in case you haven’t updated WhatsApp in a while, we recommend you go ahead and do it right away from the Play Store.

The issue only affected Android phones running on Android 8.1 or above and none of the iOS versions. It’s bewildering as to why it exclusively impacted the recent Android builds that, in theory, have better privacy frameworks in place. Ironically, Pham Hong Nhat says the older versions employ an outdated code that prevented the payload from being able to execute.

Fortunately, the developer behind the library in question — Android GIF Drawable — has released a patch as well. Hence, the vulnerability most likely won’t expose your data on the rest of the apps which use it for parsing GIFs.

Earlier last month, another WhatsApp vulnerability was discovered by Google’s security research team. The bug enabled attackers to take over iOS users’ WhatsApp chats by sending them malicious links.

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
WhatsApp’s prepping a new photo collage feature for status updates
WhatsApp app icon appearing on a phone.

WhatsApp is developing a new feature for sharing stories called collage photos. As reported by Android Authority, this feature aims to enhance the clarity and effectiveness of status updates.

Found in WhatsApp version 2.25.8.5, the collage photos feature includes a Layout button that appears when you attempt to post a media status. From this button, you can attach up to six photos arranged in various grid options. Additionally, you have the ability to reposition images within the layout to suit your preferences.

Read more
WhatsApp makes move to cut the number of spam messages you get
WhatsApp logo on a phone held in hand.

Are you tired of seeing spam messages and getting notifications about being added to random chat groups from people you don't know? WhatsApp is working to limit the amount of spam messages you receive.

According to a report from TechCrunch, the chat platform announced on Tuesday that it will be testing monthly limits on the number of broadcast messages from both individual and business accounts in the coming weeks as part of an effort to reduce the amount of spam you'll get from those accounts whether you follow them or not. However, it's not entirely clear how many limits there will be.

Read more
WhatsApp’s testing a new feature to make your busy group chats less chaotic
The WhatsApp logo.

Last month, WhatsApp introduced new chat themes. The free messaging and video calling app is launching a new message threads feature to reduce chaos in group chats.

WABetaInfo discovered that a new Android beta version of WhatsApp includes a feature to organize message replies into threaded conversations. The site explains that “instead of scrolling through a long list of individual replies, users will be able to follow and view all the related responses in a dedicated thread, keeping the conversation structured and easy to follow.”

Read more