WhatsApp users should be on alert after researchers unearthed another worrying scam inside the app.
And this one can be triggered just by sending an animated GIF inside the chat app. WhatsApp first added support for these looping animations back in 2017.
But now hackers have found a way to leverage these assuming animations to take control of your smartphone.
The bug, which only impacts Android handsets, could enable hackers to steal files that are saved on your smartphone, or view a complete chat history on compromised Android devices.
The issue was first uncovered by a Singapore-based security researcher named Awakened. According to Awakened, users have to create a specially-laced GIF to send the malicious code.
Since you don’t have to click to open a GIF – it just plays automatically in preview – WhatsApp users won’t even need to tap on the image to kickstart the malicious code, it will be loaded with the preview.
Those who are most likely to be affected by the scam will be running Android 8.1 Oreo and Android 9.0 Pie, which still represents a solid portion of the total Android marketshare.
Thankfully, there are some easy fixes to keep yourself safe from this scam – and able to send GIFs around to your friends without worrying about the consequences.
Update Your Version Of Android
The GIF attack only works on older versions of Android – 8.1 Oreo launched in August 2017, while 9.0 Pie debuted one year later – because it requires an older version of the WhatsApp software. If you’ve been putting off the upgrade to a newer version of Android, like the recently-released Android 10, then this could be the push you need.
Android 10 brings a bevy of new features, including a shiny new gesture navigation system and better controls around privacy and location data, but also boasts a number of security tweaks too.
And most importantly, it drops support for ageing applications, like the older versions of WhatsApp that are still vulnerable to this GIF attack.
So, if you update your Android handset to the latest version of Android and then let the Google Play Store update all of your apps… then you’re golden.
Update Your WhatsApp
But what if you can’t update your Android smartphone itself? Well, thankfully there is still a way to avoid hackers tacking control of your smartphone (and don’t worry, it doesn’t involve your banning all GIFs from group chats).
WhatsApp has patched the vulnerability in version 2.19.244 or newer.
So, if you’re running an older version of the app (you can find out what version you’re rocking in your Google Play Store app) then it’s definitely worth downloading anything newer than 2.19.244.
Thankfully, Facebook – which owns WhatsApp – doesn’t believe the issue has affected any of its other messaging services, including its own Facebook Messenger, and Instagram.