Samsung smartphones may become infected by images shared via WhatsApp.
In a concerning development, a critical security gap has been discovered in WhatsApp Web, affecting many Android devices, including Samsung phones running Android 13 to 16. This vulnerability, which also affects iPhone, iPad, and Mac users, as well as the business versions of these devices, is reportedly in an image analysis library of a third-party used by several messengers.
The security gap allows hackers to remotely execute malware on affected devices via manipulated images. This means that simply receiving a manipulated image could potentially install spyware on a smartphone. Newer Samsung smartphones with Android 13 or higher seem to be more at risk, while other Android devices appear to be less affected.
Samsung has confirmed that the vulnerability is already being actively exploited by cybercriminals. Fraudsters are posing as employees of a Swiss law firm, claiming victims have a claim to damages from lottery or crypto fraud. They use well-known company names or fake official letters to gain trust and claim there is an urgent matter requiring online identification.
Victims are asked to show or scan their identity cards via WhatsApp Web, telephone, or email, exposing sensitive data to scammers. This scam is not new, with the disguise changing constantly to deceive new victims. The Consumer Center Brandenburg is warning about fraudsters trying to steal identity card photos via WhatsApp Web.
Alexandra Ilina, a graduate journalist and translator, focuses her writing on career and technology topics. In her latest article, she discusses this security gap, its implications, and how users can protect themselves. She advises users of WhatsApp on Samsung phones to install the available updates as soon as possible to prevent hacker attacks.
The vulnerability exploits weaknesses in both WhatsApp Web and the Apple Image I/O Framework. While the specifics of this instance are not provided in the text, it's not the first time such a security gap has been reported in WhatsApp Web. The article also touches upon WhatsApp Web, project management tools, cryptocurrency, messaging services, image editing, city rankings, and the Hannover Messe trade fair.
Despite the ongoing investigation, there is no information in the available sources specifying the name of a person or organization currently committing fraud related to controlling identity cards via WhatsApp Web. Users are urged to be vigilant and cautious when receiving messages or requests for personal information, especially those claiming to be from unknown sources or suspicious entities.
Read also:
- Tesla is reportedly staying away from the solid-state battery trend, as suggested by indications from CATL and Panasonic.
- Tesla's 37th week update: Stock remains steady, potential successor for Musk, unveiling of new megapack, fuel reveal delayed until IAA event
- Lieutenant Governor Kounalakis joins SoCalGas in unveiling the novel H2 Hydrogen Innovation Experience, a one-of-a-kind demonstration.
- Review of the 2025 Lamborghini Revuelto: Blazing Beasts on Wheels
