Skip to main content

Your WhatsApp chats were vulnerable to attacks for months due to GIF exploit

WhatsApp has patched a critical security loophole that left your private messages and media vulnerable to breaches. The bug allowed attackers to remotely access your phone’s storage and all the files it hosts including your WhatsApp texts, pictures, videos, GIFs, and audio messages.

In order to exploit the bug, a hacker simply had to send you a malicious payload masquerading as a GIF through any non-Facebook channels or as a document through WhatsApp and Messenger. That is because, on the latter platforms, Facebook’s compression distorts the malware’s content.

The vulnerability existed inside a library that WhatsApp (and a whole lot of other apps) uses to preview a GIF. The library’s functions kick in whenever you tap the attach-media button and WhatsApp loads a grid of thumbnails. Therefore, you don’t even need to open the GIF to trigger the fraudulent code. It automatically activates when WhatsApp attempts to show its thumbnail even when you’re looking for another picture, video, or GIF.

Spotted originally by a Vietnamese security researcher, Pham Hong Nhat, the loophole remained unpatched for about three months.

Hong Nhat reported it to Facebook back in late July and the social media giant company rolled out the fix through WhatsApp version 2.19.244 in September. So in case you haven’t updated WhatsApp in a while, we recommend you go ahead and do it right away from the Play Store.

The issue only affected Android phones running on Android 8.1 or above and none of the iOS versions. It’s bewildering as to why it exclusively impacted the recent Android builds that, in theory, have better privacy frameworks in place. Ironically, Pham Hong Nhat says the older versions employ an outdated code that prevented the payload from being able to execute.

Fortunately, the developer behind the library in question — Android GIF Drawable — has released a patch as well. Hence, the vulnerability most likely won’t expose your data on the rest of the apps which use it for parsing GIFs.

Earlier last month, another WhatsApp vulnerability was discovered by Google’s security research team. The bug enabled attackers to take over iOS users’ WhatsApp chats by sending them malicious links.

Editors' Recommendations

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
WhatsApp is copying two of Zoom’s best video-calling features
Call Links by WhatsApp

WhatsApp is taking a couple of pages out of Zoom's playbook. The Meta-owned company is rolling out the Call Links feature, making it easier for people to join audio and video calls with just one tap on the phone screen.

Mark Zuckerberg announced the new feature in a Facebook post on Monday morning. Starting this week, WhatsApp users will be able to tap the Call Links option within the Calls tab and create a link for audio or video calls to send to their friends and family, who will then tap on the link and join the call from there.

Read more
WhatsApp just upgraded its emoji reactions and I want them now
Close up of WhatsApp icon as seen on a smartphone display. Credits: WhatsApp official.

WhatsApp will now allow users to react to messages with any emoji, in an expansion of its reaction feature that came out last year. It's coming to iOS and Android over the coming weeks, and it brings more personalization to one of the world's most used messaging apps.

Once you get the update, the emoji reactions will work as they do now, with a long press bringing up the basic six options with the incision of a new plus button. Pressing that plus icon will show you the new expanded set of emojis, and you'll be able to add whatever emoji you want. This includes skin tone variations, family types, and more.

Read more
You can finally move your WhatsApp chats from Android to iOS
WhatsApp and Telegram app icons.

Moving WhatsApp chats from Android to iOS has been a painful task for years. But not anymore, as Apple and WhatsApp have made the process a whole lot easier. Starting today, Apple is adding a feature that allows you to move chats between the two platforms. The feature is a part of Apple’s existing “Move to iOS” Android application. It’s worth noting that the feature is currently available for beta users only, so non-beta users might have to wait for a week or two as it's rolled out in phases.

This is a big move since 2 million people use WhatsApp and, until now, there wasn’t an official method to move conversations between Android and iOS. There have been third-party solutions here and there, but nothing officially backed by Apple or WhatsApp. With the feature becoming available, users will be able to move their chats swiftly from Android to iOS.

Read more