Security researchers at Cisco discovered a vulnerability in a popular messaging client that allowed hackers to use malicious emoji and mess with the files on a computer.
The Register reports that the problem was found in Pidgin, a popular Windows chat client. By installing new packs of emoji, users were making themselves vulnerable to hackers.
A bug in Pidgin’s code meant that hackers could sneak in instructions within a pack of emoji. Anybody downloading new smileys could have been letting hackers modify files on their computer, or even create new ones.
Pidgin released a security update that fixed the security bug, but it’s unknown whether any hackers took advantage of it.
This wasn’t the first time that a vulnerability has been found in Emoji. A similar bug was discovered in the same chat client in 2012.
Hackers looking to gain access to a computer can use bundles of emoji to sneak in extra files. While that might sound bizarre, it’s actually part of a common hacker tactic.
Hackers often trick users into downloading files, disguising them as legitimate software downloads. Then, once the files have been downloaded, the user has to approve their installation. Most people don’t check too closely when installing new programs, and so they regularly grant new apps and programs access to important parts of their computer.
That’s exactly what happened with the recent iWorm bug, which spread to over 17,000 Mac computers. It was reported that the virus spread through fake Adobe Photoshop downloads uploaded to popular file-sharing site The Pirate Bay.
When it comes to emoji, we’re used to installing and downloading new bundles of colourful graphics. Whether it’s through a new iOS release, updated Facebook stickers, or a bundle of faces for a chat program, everyone from parents to young children knows to click a download button and install emoji. And if programs have security breaches, that’s exactly how hackers can access computers.
Business Insider Emails & Alerts
Site highlights each day to your inbox.