4 ways your whatsapp can be compromised

Here are some ways that WhatsApp can be hacked.

1. Remote Code Execution via GIF

In October 2019, security researcher Awakened revealed a vulnerability in WhatsApp that let hackers take control of the app using a GIF image. The hack works by taking advantage of the way that WhatsApp processes images when the user opens the Gallery view to send a media file.

When this happens, the app parses the GIF in order to show a preview of the file. GIF files are special because they have multiple encoded frames. This means that code can be hidden within the image.

If a hacker were to send a malicious GIF to a user, they could compromise the user’s entire chat history. The hackers would be able to see who the user had been messaging and what they had been saying. They could also see users’ files, photos, and videos sent through WhatsApp.

The vulnerability affected versions of WhatsApp up to 2.19.230 on Android 8.1 and 9. Fortunately, Awakened disclosed the vulnerability responsibly and Facebook, which owns WhatsApp, has been able to patch the issue. To keep yourself safe from this problem, you should update WhatsApp to version 2.19.244 or above.

2. The Pegasus Voice Call Attack
Another WhatsApp vulnerability discovered in early 2019 was the Pegasus voice call hack. This scary attack allowed hackers to access a device simply by placing a WhatsApp voice call to their target. Even if the target didn’t answer the call, the attack could still be effective. And the target may not even be aware that malware has been installed on their device.

This worked through a method known as buffer overflow. This is where an attack deliberately puts too much code into a small buffer so that it “overflows” and writes code into a location it shouldn’t be able to access. When the hacker can run code in a location that should be secure, they can take malicious actions.

In the case of this attack, it installed an older and well-known piece of spyware called Pegasus. This allowed hackers to collect data on phone calls, messages, photos, and video. It even let them activate devices’ cameras and microphones to take recordings.

This vulnerability applied to Android, iOS, Windows 10 Mobile, and Tizen devices. It was used by the Israeli firm NSO Group which has been accused of spying on Amnesty International staff and other human rights activists. After news of the hack broke, WhatsApp was updated to protect it from this attack.

If you are running WhatsApp version 2.19.134 or earlier on Android or version 2.19.51 or earlier on iOS, then you need to update your app immediately.

3. Socially Engineered Attacks

Another way that WhatsApp is vulnerable is through socially engineered attacks.These exploit human psychology to steal information or spread misinformation. This allowed people to misuse the quote feature in group chat and to alter the text of another person’s reply. Essentially, it allows hackers to plant fake statements that appear to be from other legitimate users.

4. Media File Jacking
A vulnerability which affects both WhatsApp and Telegram is media file jacking. This attack takes advantage of the way that apps receive media files like photos or videos and write those files to a device’s external storage. more  

View all 12 comments Below 12 comments
very useful warning more  
real world is certainly better then more  
an useful write up by Ms Reeta Kumar more  
Having known all this, people are enthused and encouraged to use Whatsapp. This is like digging one's own grave. more  
How to spot and neutralize is the question more  
Post a Comment

Related Posts

    • For Indian Police Forces

      Attached Houston Police Chief’s message to President Trump. Perhaps Indian police heads can learn from his boldness and use it when their political masters expect them to serve th...

      By Ruchika Mistry
      /
    • Lockdown 5.0 or Unlock 1.0

      Attached. Summary Below India- Lockdown5 for the containment zones across the country till 30 June A phased re-opening in the rest of the country, starting 8 June.

      By Amit Mishra
      /
    • Locust Swarms

      Locust Swarms have hit my city Jaipur (See attached) and soon will be hitting Delhi. I fail to understand why Government in center or state having known for a month that india will have...

      By Veena Maheswari
      /
    • Travel Permission for Indians stranded abroad and India

      Attached MHA rule. Also attached is the ruling from Friday. Now every body should be able to get to home

      By Shikha Mittal
      /
    • Covid In travel guidelines

      International Arrivals and Domestic Travel guidelines. This will get messy I think., very messy. Please share your inputs on what should be changed

      By Reeta Kumar
      /
    • Why restaurants cannot be opened till COVID-19 goes off

      Some really great epidemiology has demonstrated clearly the effect of a single asymptomatic carrier in a restaurant environment (see below). The infected person (A1) sat at a table and had dinner w...

      By Sneha Goyal
      /
    • MHA and MOHFW - get COVID treatment in private hospitals standardized

      See attached what Maharashtra has done. Full detailed notification. Price capped at 4000 per day as opposed to 21000 some looter hospitals were charging. You all should get MHA and your ...

      By Seema Shah
      /
    • Airport Arrival Departure Guidelines eff May 25

      Attached for everyones reference if you or family plans to travel.

      By Sarita Ravichandran
      /
    • Containment Zone Criteria

      Attached. States will now decide basis the attached who is green orange red.

      By Amit Mishra
      /
    • By National Disaster Management Authority
      /
    • By National Disaster Management Authority
      /
Share
Enter your email & mobile number and we will send you the instructions

Note - The email can sometime gets delivered to the spam folder, so the instruction will be send to your mobile as well

Please select a Circle that you want people to invite to.
Invite to
(Maximum 500 email ids allowed.)