Pictures say things which words can’t, but a GIF can create emotions. Today, GIF is everywhere, on your social media, chat messengers, message boards, etc. All of us use them to express our emotions. What if I say these short looping clips can hack your smartphones?
You may think I am joking, but I am not. Recently, Whatsapp patches a critical security vulnerability that could app hackers access your Andriod device by sending a GIF. Whatsapp couldn’t patch the issue for three months since it was discovered.
What is this bug?
The vulnerability which was named CVE-2019-11932 is a double-free memory corruption bug. This bug doesn’t exist in the Whatsapp code but in an open-source GIF. Downloading the gif isn’t the problem. Your mobile is hacked when you sent the same GIF to someone else. After which the hacker could remotely execute operations on your phone under the pretext of Whatsapp. This was discovered by Vietnamese security researcher Pham Hong Nhat in May this year.
How does this bug function?
Whatsapp uses the parsing library to generate a preview for GIF files. The user selects any one of them from their device’s image gallery and then sent it to anyone. If the GIF you sent, is a malicious one, your phone is hacked. All an attacker needs to do is send a specially crafted malicious GIF file to an Android device and then wait. This won’t work with apps that don’t support GIF.
How do I keep my device safe?
Well, Whatsapp has patched the issue, so we urge you to update your WhatsApp messenger ASAP. If you are running on Android 8.1 and 9.0, then you are safe from the attack. Nhat told Whatsapp in late July and even-handed the company a security patch that is released in September.
As the bug was due to an Android GIF library, called Android GIF Drawable. IOS is unharmed by this attack. Android GIF Drawable has also patched the issue. Besides all of this, any android app which uses the same affected library is also vulnerable to this attack.