Pictures say things which words canโ€™t, but a GIF can create emotions. Today, GIF is everywhere, on your social media, chat messengers, message boards, etc. All of us use them to express our emotions. What if I say these short looping clips can hack your smartphones?

You may think I am joking, but I am not. Recently, Whatsapp patches a critical security vulnerability that could app hackers access your Andriod device by sending a GIF. Whatsapp couldnโ€™t patch the issue for three months since it was discovered.

What is this bug?

Your Phone can be Hacked by Sending a GIF on WhatsApp
Your Phone can be Hacked by Sending a GIF on WhatsApp

The vulnerability which was named CVE-2019-11932 is a double-free memory corruption bug. This bug doesnโ€™t exist in the Whatsapp code but in an open-source GIF. Downloading the gif isnโ€™t the problem. Your mobile is hacked when you sent the same GIF to someone else. After which the hacker could remotely execute operations on your phone under the pretext of Whatsapp. This was discovered by Vietnamese security researcher Pham Hong Nhat in May this year.

How does this bug function?

Whatsapp uses the parsing library to generate a preview for GIF files. The user selects any one of them from their deviceโ€™s image gallery and then sent it to anyone. If the GIF you sent, is a malicious one, your phone is hacked. All an attacker needs to do is send a specially crafted malicious GIF file to an Android device and then wait. This wonโ€™t work with apps that donโ€™t support GIF.

How do I keep my device safe?

Well, Whatsapp has patched the issue, so we urge you to update your WhatsApp messenger ASAP. If you are running on Android 8.1 and 9.0, then you are safe from the attack. Nhat told Whatsapp in late July and even-handed the company a security patch that is released in September.

As the bug was due to an Android GIF library, called Android GIF Drawable. IOS is unharmed by this attack. Android GIF Drawable has also patched the issue. Besides all of this, any android app which uses the same affected library is also vulnerable to this attack.

LEAVE A REPLY

Please enter your comment!
Please enter your name here