WhatsApp is a popular and easy to use messaging program. It has some security features, like the use of end-to-end encryption to keep messages private. However, hacks targeting WhatsApp could compromise the privacy of your messages and contacts.
In October 2019, security researcher Awakened revealed a vulnerability in WhatsApp that let hackers take control of the app using a GIF image. The hack works by taking advantage of the way that WhatsApp processes images when the user opens the Gallery view to send a media file.
If a hacker were to send a malicious GIF to a user, they could compromise the user’s entire chat history. The hackers would be able to see who the user had been messaging and what they had been saying. They could also see users’ files, photos, and videos sent through WhatsApp
The vulnerability affected versions of WhatsApp up to 2.19.230 on Android 8.1 and 9. Fortunately, Awakened disclosed the vulnerability responsibly and Facebook, which owns WhatsApp, has been able to patch the issue. To keep yourself safe from this problem, you should update WhatsApp to version 2.19.244 or above.
This worked through a method known as buffer overflow. This is where an attack deliberately puts too much code into a small buffer so that it “overflows” and writes code into a location it shouldn’t be able to access. When the hacker can run code in a location that should be secure, they can take malicious actions.
This vulnerability applied to Android, iOS, Windows 10 Mobile, and Tizen devices. It was used by the Israeli firm NSO Group which has been accused of spying on Amnesty International staff and other human rights activists. After news of the hack broke, WhatsApp was updated to protect it from this attack.
Another way that WhatsApp is vulnerable is through socially engineered attacks.These exploit human psychology to steal information or spread misinformation. A security firm called Check Point Research revealed one such attack they named FakesApp. This allowed people to misuse the quote feature in group chat and to alter the text of another person’s reply. Essentially, it allows hackers to plant fake statements that appear to be from other legitimate users.
The researchers were able to do this by decrypting WhatsApp communications. This allowed them to see data sent between the mobile version and the web version of WhatsApp. And from here, they could change values in group chats. Then they could impersonate other people, sending messages which appeared to be from them. They could also change the text of replies.
The researchers point out this could be used in worrying ways to spread scams or fake news. Even though the vulnerability was disclosed in 2018, it had still not been patched by the time the researchers spoke at the Black Hat conference in Las Vegas in 2019, according to ZNet.
The attack starts by installing a malicious piece of malware hidden inside an apparently harmless app. This malware can then monitor incoming files for Telegram or WhatsApp. When a new file comes in, the malware can swap out the real file for a fake file. The researchers who discovered the issue, Symantec, suggest it could be used to scam people or to spread fake news.
There is a quick fix for this issue. In the WhatsApp app, you should look in Settings and go to Chat Settings. Then find the Save to Gallery option and make sure it is set to Off. This will protect you from this vulnerability. However, a true fix for the issue will require app developers to completely change the way that apps handle media files in the future.
In a blog post, WhatsApp implied that because it uses end-to-end encryption, it is impossible for Facebook to read WhatsApp content: “we’ve rolled out end-to-end encryption. When you and the people you message are using the latest version of WhatsApp, your messages are encrypted by default, which means you’re the only people who can read them. Even as we coordinate more with Facebook in the months ahead, your encrypted messages stay private and no one else can read them. Not WhatsApp, not Facebook, nor anyone else.”
However, according to developer Gregorio Zanon, this is not strictly true. The fact WhatsApp uses end-to-end encryption does not mean all messages are private. On an operating system like iOS 8 and above, apps can access files in a “shared container.”
Both the Facebook and WhatsApp apps use the same shared container on devices. And while chats are encrypted when they are sent, they are not necessarily encrypted on the originating device. This means the Facebook app could potentially copy information from the WhatsApp app.
To be clear, there is no evidence that Facebook has used shared containers to view private WhatsApp messages. But the potential ability is there for them to do so. Even with end-to-end encryption, your messages may not be private from Facebook’s all-seeing eye.