WhatsApp bug allows hackers to hijack phones with bizarre gif

Users of the messaging app should update to the latest version to protect their privacy

Anthony Cuthbertson

Sunday 06 October 2019 08:49

✕

Whatsapp bug allows hackers to hijack phones with bizarre gif

A major security flaw that allows hackers to hijack people's phones by sending them a gif, has been discovered with WhatsApp.

The bug allows hackers to steal files and view chat messages from compromised Android devices.

It was discovered by a researcher who goes by the name Awakened.

The malware, known as a double-free vulnerability, is only triggered if a user opens the specially-created gif in the messaging app.

It works well for phones and devices running Android 8.1 and Android 9, though is less affective with older versions of Google's operating system, the researcher wrote in a detailed blog post describing the hack.

12 useful WhatsApp features you didn’t know existed

Show all 12

1/1212 useful WhatsApp features you didn’t know existed

You can unsend a message by tapping and holding it, hitting the Delete symbol and selecting Delete for Everyone. The feature works for all types of messages, but only if they were sent less than seven minutes ago.

WhatsApp’s blue ticks show when sent messages have been read, but you can disable them buy going to Settings > Account > Privacy > Read Receipts. However, bear in mind that, by doing so, you’ll lose the ability to see when your own sent messages have been read. Another, more fiddly way of reading your messages without triggering the blue ticks, is enabling Aeroplane Mode before opening your messages - just remember to close the app before switching Aeroplane Mode off again.

Prevent your friends from finding out when you were last online by hiding your last seen time. Go to Settings > Account > Privacy > Last Seen. As is the case with disabling read receipts, hiding your ‘last seen’ time will also stop you from seeing anybody else’s.

You can control how much data you munch through on WhatsApp by limiting the types of media you automatically download on a mobile connection. Go to Settings > Data Usage and choose the best option for you.

If you’re expecting an important WhatsApp message from someone, set a custom notification for them by opening the chat, tapping their name at the top and hitting Custom Notifications.

To jazz up any of your messages, simply highlight it by tapping and holding it, hit the More Options key on the pop-up menu and tap the formatting option you want - bold, italic, strikethrough or monospace.

You can get Siri or Google Assistant to type your WhatsApp messages out for you by saying either “Hey Siri” or “Okay Google”, followed by the name of the person you want to message and the actual contents of the message.

When you’ve read a message but can’t reply to it straight away, you can set a visual reminder by marking it as unread. On Android, long-press the conversation, and on iOS, swipe from left to right on a chat.

You almost certainly won’t do this on a regular basis, but it’s a handy option to have. You can export entire conversations - complete with emoji and media attachments - by hitting More inside a chat a selecting Email Chat.

You can send the same message to lots of your contacts without lumping them all into one group, much like the BCC option on email, by hitting the New Broadcast option on the app’s main menu.

You pin up to three contacts and groups to the top of your WhatsApp conversation list by tapping and holding a chat, then hitting the pin icon.

You can easily mark key messages with a star, allowing you to find them easily when you need to. Just tap and hold a message and hit the star icon to save it, and return to it later by selecting Starred Messages in WhatsApp’s main menu.

"In the older Android versions, double-free could still be triggered," Awakened said. "However, the app just crashes before reaching to the point that we could control the PC register."

Facebook-owned WhatsApp has issued a fix, though users will need to update to the latest version in order to avoid falling victim to the hack.

A spokesperson for the messaging app told The Independent that they were unaware of any WhatsApp users being affected by the issue.

"The issue was reported and quickly addressed," the spokesperson said. "We have no reason to believe this affected any users, though of course we are always working to provide the latest security features to our users."

Earlier this week it was revealed that the popular messaging app is testing a new feature that will see messages disappear after they are sent.

The introduction of self-destructing messages, which are currently only available in the beta version of the app, brings WhatsApp in line with a number of competitors, including Snapchat and Telegram.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies