WhatsApp Android app bug enabled hackers to steal files - here's how to avoid it
A security flaw within WhatsApp for Android enabled hackers to take over people's phones - just by sending them a GIF.
As is often the case when these issues come to light, a fix has already been issued. Make sure you're running the latest version of WhatsApp for Android. The issue primarily affected phones with Android 8.1 and Android 9, because the app versions the issue affected crashed out on older versions of Android.
The vulnerability - discovered by Singapore-based security researcher Awakened - needed the user to actually open the GIF before it could take hold. As Awakened says on his blog, the "exploit works well until WhatsApp version 2.19.230". WhatsApp patched the issue in version 2.19.244.
Facebook-owned WhatsApp says it doesn't think the issue affected any users.
WhatsApp is set to undergo major change over the coming months and years, with Facebook still planning a way to separate the service from the current system of being locked to your phone number. The same underlying system would then underpin Facebook Messager as well, theoretically enabling you to message between the platforms.
The service is also testing the ability to send messages that disappear in a set period of time but is under pressure about its end-to-end encryption. Facebook is planning even more encryption to secure user messages, a move that hasn't gone down well with Governments in the US, UK and Australia who claim that increased encryption on chat services could have serious implications for those who are using the networks for illegal activities.
Interestingly, a large part of the concern is that because Facebook itself wouldn't be able to identify patterns of illegal behaviour, it could have consequences for such behaviour being able to continue unchecked.
from Pocket-lint https://ift.tt/2Ml8aBd
via IFTTT
No comments: