Close X
Thursday, November 28, 2024
ADVT 
International

Warning: Malicious Flaw Affects 1 Billion WhatsApp Users

Darpan News Desk IANS, 04 Oct, 2019 09:02 PM

    WhatsApp is by far one of the most secure messaging platforms in the world; however, like every technology out there, it does come with its own set of unique flaws.


    This year itself, various reports have disclosed certain vulnerabilities that have plagued WhatsApp which can be exploited by attacks or which have the potential to leave users open to harmful consequences. The flaws range from sophisticated nation-state attacks to misleading functionality as well as targeted hacking.


    Recently, a new bug has come to light that allows an attacker to use a malicious GIF image file to open a vulnerability in WhatsApp and potentially access user content. As per a report by Forbes, this bug was identified and shared by “technologist and information security enthusiast” Awakened on Github. Also, there is a detailed explanation of how this bug works.


    It’s a bit complex but basically, the bug depends on an attacker pushing the malicious GIF file to the victim’s device through any channel. This could include WhatsApp, email or any messaging platform.


    With this GIF on the device, when a victim opens the gallery within WhatsApp to send any image (not necessarily a malicious image), the hack gets activated and the device and its contents become potentially vulnerable.


    WhatsApp needs to step up its game in five areas.


    Wakened has warned, “WhatsApp users please do update to latest WhatsApp version (2.19.244 or above) to stay safe from this bug.”


    The report states, “From a technical perspective, the attack relies on a so-called double-free bug, where the same memory address on the device is called twice, pushing memory allocation into an unexpected spin, which either crashes the app or opens the vulnerability.


    Replicating an attack using the bug does not seem to be entirely reliable, and affects different versions of the operating system software in different ways, but a bug is a bug and once identified can be developed and expanded upon.”


    Speaking to TNW regarding this bug, WhatsApp states there have been no reports of any attacks on users exploiting this vulnerability. What’s more “this issue affects the user on the sender side, meaning the issue could, in theory, occur when the user takes action to send a GIF. The issue would impact their own device.”


    To this Awakened says, “I would say that the above claim is not correct. The spokesperson must have misunderstood the issue.”


    What Awakened is trying to say is that although there is some trigger that’s required from the victim’s side, opening the gallery within WhatsApp is a regular task and nothing that would raise suspicion. So, as long as the attacker has planted the image on the device, the vulnerability can be exploited.


    WhatsApp states that the bug “was reported and quickly addressed last month. We have no reason to believe this affected any users though of course, we are always working to provide the latest security features to our users.”


    The report by Forbes goes on to state, “The bug has been identified and patched—the specifics of how it’s exploited matter less now than ensuring that users update to the latest version of the app.


    And while this only seems to impact Android devices, that advice to update is universal. Once a vulnerability reaches the public domain, there is always a risk of it being used—would-be attackers are well aware of the inertia that sees many users update apps much more sporadically than is healthy for their data security.”

    MORE International ARTICLES

    Every 4th Non-resident Foreign National In US In 2016 An Indian: Report

    Every 4th Non-resident Foreign National In US In 2016 An Indian: Report
    Every fourth non-resident foreign national in the US in 2016 was an Indian, according to a report which states that about 60 per cent of the resident non-immigrants were citizens of Asian countries, with those from China accounting for 15 per cent.

    Every 4th Non-resident Foreign National In US In 2016 An Indian: Report

    Heavy Rain Wreaks Havoc, Kills 2 In Houston Ahead Of ‘Howdy, Modi’ Event

    Tropical Depression Imelda slammed Texas on Thursday, causing devastating flooding, power outages and prompting urgent rescues and warnings across south-eastern Texas for people to stay indoors.    

    Heavy Rain Wreaks Havoc, Kills 2 In Houston Ahead Of ‘Howdy, Modi’ Event

    Pakistan Can Choose To Stoop Low, We Will Soar High: India Ahead Of UN Meet

    UN General Assembly: "What they want to do is their call. We've seen them mainstream terrorism in the past. And what you're now telling me is they may want to mainstream hate speech. It's their call, if they want to do that. Poison pens don't work for too long," he said.  

    Pakistan Can Choose To Stoop Low, We Will Soar High: India Ahead Of UN Meet

    Pakistan Activist Gulalai Ismail 'Escapes' To US, Seeks Political Asylum

    Ismail has launched a research and advocacy group called Voices for Peace and Democracy aimed at protecting women in the conflict-hit zones of the world.  

    Pakistan Activist Gulalai Ismail 'Escapes' To US, Seeks Political Asylum

    Modi's Houston Visit May Seal Major Energy Deal

    Prime Minister Narendra Modi's upcoming agenda-heavy US visit may start a new phase of corporate relations between major energy companies of the two countries.    

    Modi's Houston Visit May Seal Major Energy Deal

    Tulsi Gabbard Welcomes PM Modi To US, Apologises For Skipping 'Howdy Modi'

    Tulsi Gabbard, a member of the Democratic Party of the United States clarified that she won't be able to present at the event due to prior commitments related to her scheduled presidential campaigns.  

    Tulsi Gabbard Welcomes PM Modi To US, Apologises For Skipping 'Howdy Modi'