Android Users Suffer The Latest WhatsApp Hacking

Your Android smartphone might be the gateway to you being hacked: a new WhatsApp bug allows hackers to steal files from your smartphone. In this latest hacking scandal, hackers can also view your WhatsApp chats just by sending you a GIF that plays automatically and sets off malicious code.

The bug easily compromises Android devices because of double-free behavior in Android, a memory error in which the same memory address can be handed out more than once, allowing the hacker access without your consent. Once the GIF opens automatically, it triggers the double-free bug and gives the hacker access.
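What "the same memory address" means in practice, shown as an added example that is not code from this article, WhatsApp or Android: a toy fixed-slot allocator, constructed for illustration, in which freeing one buffer twice makes the next two allocations return the same address, next to a checked free that rejects the second free. All names (`toy_alloc`, `toy_free_naive`, `toy_free_checked`) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy fixed-size allocator, constructed for illustration (not Android's). */
#define SLOTS 4
#define SLOT_SIZE 32

static unsigned char pool[SLOTS][SLOT_SIZE];
static void *free_list[SLOTS * 2];  /* stack of free slots, room for duplicates */
static int free_top;

void toy_init(void) {
    free_top = 0;
    for (int i = 0; i < SLOTS; i++) free_list[free_top++] = pool[i];
}

void *toy_alloc(void) {
    return free_top > 0 ? free_list[--free_top] : NULL;
}

/* Naive free: pushes the slot without checking whether it is already free. */
void toy_free_naive(void *p) {
    if (free_top < SLOTS * 2) free_list[free_top++] = p;
}

/* Hardened free: returns 0 on success, -1 if the slot is already free. */
int toy_free_checked(void *p) {
    for (int i = 0; i < free_top; i++)
        if (free_list[i] == p) return -1;
    free_list[free_top++] = p;
    return 0;
}

/* Frees one buffer twice, then allocates twice.
   Returns 1 if the two new allocations share an address. */
int double_free_aliases(int hardened) {
    toy_init();
    void *buf = toy_alloc();
    if (hardened) { toy_free_checked(buf); toy_free_checked(buf); }
    else          { toy_free_naive(buf);   toy_free_naive(buf); }
    void *a = toy_alloc();
    void *b = toy_alloc();
    return a == b;
}

int main(void) {
    printf("naive free, allocations alias:   %d\n", double_free_aliases(0));
    printf("checked free, allocations alias: %d\n", double_free_aliases(1));
    return 0;
}
```

With the naive free, two independent owners end up writing to one buffer, which is why a double-free is treated as memory corruption and not a harmless cleanup mistake.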

According to awakened, you can be attacked in either of two ways:

  • Local privilege escalation (from a user app to WhatsApp): A malicious app is installed on the Android device. The app collects addresses of zygote libraries and generates a malicious GIF file that results in code execution in WhatsApp context. This allows the malware app to steal files in WhatsApp sandbox including the message database.

  • Remote code execution: Pairing with an application that has a remote memory information disclosure vulnerability (e.g. browser), the attacker can collect the addresses of zygote libraries and craft a malicious GIF file to send it to the user via WhatsApp (must be as an attachment, not as an image through Gallery Picker). As soon as the user opens the Gallery view on WhatsApp (who never sends media files to friends, right?), the GIF file will trigger a remote shell in WhatsApp context.

Android users running Oreo and Android 9.0 Pie, which make up a substantial amount of the market share, are therefore being advised to update their versions in order to avoid being compromised. Even when GIFs containing the bug are forwarded in group chats or individual chats, hackers will only be able to access your phone if you are running the old Android Oreo or 9.0 Pie versions, launched in 2017 and 2018 respectively.


The quick fix for your device’s protection is installing the Android update you have been avoiding for some time now. In case you are not able to update your operating system (OS), your WhatsApp version will need an upgrade, to at least a version newer than 2.19.244.

Gathoni Kuria
