A cybersecurity researcher known as “Awakened” revealed a vulnerability in the popular messaging app WhatsApp. Awakened believes the hackers were using a double-free vulnerability. The glitch was mainly found in WhatsApp’s message preview feature, which allows users to preview received messages containing text, video, pictures or GIFs.
What is a double-free vulnerability? A double-free vulnerability is a memory-corruption bug: the app frees the same block of memory twice, which can cause it to crash. When the app crashes, it allows the hacker who sent the message to access that user’s smartphone, bypassing the security and privacy functions of the phone.
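As an added illustration of the double-free idea above (this is not code from WhatsApp or from Awakened's research): a toy fixed-size memory pool in C, with constructed names such as `pool_alloc` and `pool_free`, shows what goes wrong when the same block is freed twice. Two later allocations are handed the same block, while a pool that checks ownership refuses the second free.

```c
#include <stdio.h>
#define SLOTS 4
/* Toy fixed-size pool with a LIFO free list (constructed for illustration). */
struct pool {
    int free_list[SLOTS * 2]; /* stack of free slots; oversized so a duplicate push fits */
    int top;                  /* entries on the free list */
    int in_use[SLOTS];        /* 1 while a caller owns the slot */
    int checked;              /* 1 = reject frees of slots nobody owns */
};
void pool_init(struct pool *p, int checked) {
    p->top = 0;
    p->checked = checked;
    for (int i = SLOTS - 1; i >= 0; i--) {
        p->in_use[i] = 0;
        p->free_list[p->top++] = i;
    }
}

/* Returns a slot index, or -1 when the pool is exhausted. */
int pool_alloc(struct pool *p) {
    if (p->top == 0) return -1;
    int s = p->free_list[--p->top];
    p->in_use[s] = 1;
    return s;
}

/* Returns 0 on success, -1 when a checked pool rejects a double free. */
int pool_free(struct pool *p, int s) {
    if (p->checked && !p->in_use[s]) return -1;
    p->in_use[s] = 0;
    p->free_list[p->top++] = s;
    return 0;
}

/* Frees one slot twice, then allocates twice; returns 1 if both got the same slot. */
int double_free_aliases(int checked) {
    struct pool p;
    pool_init(&p, checked);
    int frame = pool_alloc(&p);  /* stand-in for a decoder's frame buffer */
    pool_free(&p, frame);        /* first release */
    pool_free(&p, frame);        /* same block released again */
    int a = pool_alloc(&p);      /* first new owner */
    int b = pool_alloc(&p);      /* second new owner */
    return a == b;               /* 1 = two owners share one block */
}

int main(void) {
    printf("unchecked: %d, checked: %d\n", double_free_aliases(0), double_free_aliases(1));
    return 0;
}
```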
Play-by-play of the hypothetical hack: The hacker uploads whatever corrupted GIF, image or video they choose into their own gallery. The hacker then sends it to any person or number they choose, trying to gain access to their smartphone. The victim receiving the message then opens the message containing the vulnerability, and as soon as they open their gallery of attachments the hack occurs automatically. Awakened also suggested that if the hacker was in the victim’s contact list, the corrupted GIF would download on its own onto the victim’s device.
WhatsApp’s response: Awakened brought the vulnerability to the attention of WhatsApp and Facebook, and in response the bug was fixed. Users of WhatsApp do need to download the latest version of the app of their own volition to make sure that this vulnerability cannot affect them.
When using any sort of separate messaging system, always make sure to stay informed of what’s going on with the app with regard to updates and patches. Oftentimes people use these messaging apps to send sensitive or personal information, so always make sure when using these apps that you are updated to the latest version. If not, you could be exposing yourself and the information you are sending to being taken or seen by unintended eyes.