Android phone hacked using WhatsApp with a GIF image

April 27, 2020

A GIF image can be used to perform a remote code execution attack on Android smartphones using WhatsApp. It is a double-free memory corruption bug that doesn’t actually reside in the WhatsApp code itself, but in an open-source GIF image parsing library that WhatsApp uses. However, WhatsApp has recently patched the critical security vulnerability in its app for Android, which remained unpatched for at least 3 months after being discovered, and if exploited, could have allowed remote hackers to compromise Android devices and potentially steal files and chat messages. The vulnerability was discovered by Vietnamese security researcher Pham Hong Nhat in May this year. It enables attackers to execute arbitrary code on targeted devices in the context of WhatsApp with the permissions the app has on the device.

The researcher stated in an interview “The payload is executed under WhatsApp context. Therefore, it has the permission to read the SDCard and access the WhatsApp message database”. “Malicious code will have all the permissions that WhatsApp has, including recording audio, accessing the camera, accessing the file system, as well as WhatsApp’s sandbox storage that includes protected chat database and so on…”

The working WhatsApp RCE vulnerability:

A parsing library is used by WhatsApp to generate a preview for GIF files when users open their device gallery before sending any media file to their friends or family. Thus, the vulnerability only gets executed when the victim itself simply opens the WhatsApp Gallery Picker while trying to send any media file to someone. If an attacker wants to send the GIF file to victims via any messaging platform like WhatsApp or Messenger, they need to send it as a document file rather than media file attachments, because image compression used by these services distorts the malicious payload hidden in images.

The CVE of the vulnerability: CVE-2019-11932

Vulnerable Apps, Devices, and Available Patches:

The issue affects WhatsApp versions 2.19.230 and older versions running on Android 8.1 and 9.0, but does not work for Android 8.0 and below. To protect yourself against any exploit surrounding this vulnerability, you are advised to update your WhatsApp to the latest version from the Google Play Store as soon as possible.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Android phone hacked using WhatsApp with a GIF image

Security Team

Related Posts

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

Our Offices

Corporate Office (HO):

UK Office:

Registered Office (Delhi):

Noida Office:

Phone:

Email

Click To Download

Download CyberSRC Services & Portfolio & Datasheets

Download Case Studies

Download Company Brochure