WhatsApp is by far the most popular instant messaging app in the world. But that hasn’t prevented the Facebook-owned app from having its own set of data security and privacy-related issues over time.
The latest in that seemingly never-ending saga is that WhatsApp apparently had a bug that allowed a hacker to send a malicious message in a group, causing the app to crash for all users in that group chat.

This bug was discovered by security researchers at Check Point Research. The bug has since been patched, and you may want to update WhatsApp on your phone, irrespective of whether you are using an Android phone or an Apple iPhone.

To exploit the bug, any user who had joined a group chat could edit specific message parameters using the WhatsApp web interface and a browser debugging tool, and then send the edited text to the group chat. This would cause the app to crash for all members of the group in question, and the crash would become an “unstoppable crash-loop”.

The only way to fix this is to uninstall WhatsApp on your phone and then reinstall it. As a side effect, the members who were previously in that group chat will not be able to rejoin, and all the chat history will also be lost.

“WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally. Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid-September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties altogether,” says Ehren Kret, WhatsApp Software Engineer.

WhatsApp acknowledged the findings and developed a fix to resolve the issue, which has been available since WhatsApp version number 2.19.58. “WhatsApp responded quickly and responsibly to deploy the mitigation against exploitation of this vulnerability,” says Oded Vanunu, Check Point’s Head of Product Vulnerability Research.
