Did You Know Just A GIF Image Could Have Hacked Your Android Phone
Today, short loop clips, GIFs are everywhere: in their social networks, on their message boards, in their chats, helping users to express their emotions perfectly, making people laugh and reliving most notably.
But what happens if an innocent-looking GIF greeting with a Good morning, Happy birthday or Merry Christmas message hacks your smartphone?
Well, it is no longer a theoretical idea.
WhatsApp has recently patched a critical security vulnerability in its Android application, which remained unpatched for at least 3 months after it was discovered, and if it exploded.
It could have allowed remote hackers to compromise Android devices and potentially steal files and chat messages.
WhatsApp Remote Code Execution Vulnerability
The vulnerability, tracked as CVE-2019-11932, is a doubly free memory corruption error that does not actually reside in the WhatsApp code, but in an open-source GIF image analysis library that uses WhatsApp.
Discovered by Vietnamese security researcher Pham Hong Nhat in May this year, the problem successfully leads to remote code execution attacks, allowing attackers to execute arbitrary code.
“The payload is executed in the context of WhatsApp. Therefore, you have permission to read the SD card and access the WhatsApp message database,” the researcher told The Hacker News in an email interview.”
“The malicious code will have all the permissions that WhatsApp has, including audio recording, camera access, file system access, as well as WhatsApp sandbox storage that includes a protected chat database, etc. “
How Does WhatsApp RCE Vulnerability Work?
WhatsApp uses the analysis library in question to preview the GIF files when users open the gallery of their device before sending any multimedia file to their friends or family.
However, if the attackers want to send the GIF file to the victims through any messaging platform such as WhatsApp or Messenger, they must send it as a document file instead of media attachments, because the image compression used by these services Distorts the malicious load hidden in the images. Did You Know Just A GIF Image Could Have Hacked Your Android Phone
However, if the attackers want to send the GIF file to the victims through any messaging platform such as WhatsApp or Messenger, they must send it as a document file instead of media attachments, because the image compression used by these services Distorts the malicious load hidden in the images.
- Does The Robot Need Our Sympathy And Love?
- How To Start A Profitable Online Coaching Business
- How To Increase Instagram Followers In 2019
- Home Based Business Ideas You Can Start With No Money in 2019
- Earn money online in Pakistan without investment 2019
- Artificial Intelligence Video Creation 2019: Full Automation
- How to Hack Wifi Password
- What Is On-Page Seo?