WhatsApp bug allows hackers to hijack phones with bizarre gif

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

A major security flaw that allows hackers to hijack people's phones by sending them a gif, has been discovered with WhatsApp.

The bug allows hackers to steal files and view chat messages from compromised Android devices.

It was discovered by a researcher who goes by the name Awakened.

The malware, known as a double-free vulnerability, is only triggered if a user opens the specially-created gif in the messaging app.

It works well for phones and devices running Android 8.1 and Android 9, though is less affective with older versions of Google's operating system, the researcher wrote in a detailed blog post describing the hack.

"In the older Android versions, double-free could still be triggered," Awakened said. "However, the app just crashes before reaching to the point that we could control the PC register."

Facebook-owned WhatsApp has issued a fix, though users will need to update to the latest version in order to avoid falling victim to the hack.

A spokesperson for the messaging app told The Independent that they were unaware of any WhatsApp users being affected by the issue.

"The issue was reported and quickly addressed," the spokesperson said. "We have no reason to believe this affected any users, though of course we are always working to provide the latest security features to our users."

Earlier this week it was revealed that the popular messaging app is testing a new feature that will see messages disappear after they are sent.

The introduction of self-destructing messages, which are currently only available in the beta version of the app, brings WhatsApp in line with a number of competitors, including Snapchat and Telegram.