WhatsApp Hacking: Here's How Your Messages Can Be Compromised

Remote Code Execution via GIF.  The world by taking advantage of the way that whatsapp process images

WhatsApp hacking

This is the next big privacy threat you might face on your favourite instant messenger app WhatsApp. Security researchers have discovered an app bug that could let hackers hijack WhatsApp. In an advisory, the Facebook-owned messaging app said it has blocked the flaw before it was exploited. WhatsApp said the bug, found in the Google Play Store, let hackers take over WhatsApp and change a user's contact details, including phone number and message content. But WhatsApp said the flaw was not a bug in the app's code but in the Google Play Store's support feature. The glitch enabled attackers to send a message to a user that would trick them into thinking they were messaging their intended recipient, when in fact they were instead contacting a hacker who had already had a go at the victim.

How does WhatsApp hacking work?

When a hacker sends a malicious GIF image to an Android user, it uses a vulnerability in WhatsApp to trick the user into sharing it. The image includes a JavaScript that uses the Accessibility API to bypass WhatsApp’s Accessibility service to load the image over the network and ultimately gain code execution, as the hacker in the example below demonstrates. Cryptography is a cornerstone of modern cryptography. It allows someone to send an encrypted message between two people, but the way it works is not immediately obvious. Often, it’s the case that different cryptographic systems will work with different encryption keys. There are a number of ways encryption schemes work.

What are the risks involved?

Because WhatsApp messages are end-to-end encrypted, they cannot be read by the platform. But attackers could copy and paste a GIF into your WhatsApp chat window or steal your contact list. What's going on right now? The company is investigating the vulnerability and has disabled the GIF functionality on its desktop and Android apps. Meanwhile, Google released a patch to protect Android users. What can I do to protect my whatsapp account?

What can you do to protect yourself?

Some of the best ways to protect your personal information and privacy in this ever-connected age of information sharing are, and always have been, by using different passwords for different accounts, regularly updating and creating strong passwords, and never giving away your information to random people. Additional information about the subject of identity theft and financial fraud can be found in this Talk to the Tzar series of the Library of Congress website.