This Bug In WhatsApp App Can Repeatedly Crash Group Chats And Delete All Of Their Messages

Aadhya Khatri - Dec 19, 2019



Even when they have reinstalled WhatsApp, returning to the group chat is impossible, resulting in the loss of all media and messages

WhatsApp has recently patched a vulnerability that bad actors can exploit to crash the app over and over again for all those participating in a group chat. When the attack happens, the only possible way to stop it is to uninstall the app and reinstall it again.

However, even when they have reinstalled WhatsApp, returning to the group chat is impossible, resulting in the loss of all media and messages.


WhatsApp has more than 1.5 billion users on its platform, and the company is working closely with Check Point, the cybersecurity company behind this discovery, to make sure that no attacker can exploit it to carry out an attack.

This revelation follows earlier Check Point research pointing out ways WhatsApp can be tampered with by bad actors. That research also provides analysis of the way messages are exchanged on the platform and how the app can be exploited.

To carry out the app-crashing strike, the hackers must first gain access to the targeted group chat. While WhatsApp has limited the number of members in a group to 256, joining one is not very hard.

Hacking skills, Chrome’s DevTools, and WhatsApp Web are all needed for the attack. The strike also requires access to the parameters of the app, which creates the base for the way the group chat works. All of these can be gained via legal penetration-testing tools.

In this particular case, the Check Point researchers were able to access WhatsApp's traffic and decrypt the parameters used by the group chat. After that, they could decrypt and change the messages, the same way they did in their previous research on WhatsApp.

In this way, the researchers were able to change the phone number of members in a group chat into other characters. When they sent a message carrying this altered number, the app would crash for everyone.

The bug also causes the crash to happen all over again when members reopen the group chat, leaving them with only one option, which is to uninstall and then reinstall the app. While this method works, it also means that all of the content the members have exchanged will be lost forever.
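A simplified model of this failure mode, added here as an illustration and not WhatsApp's or Check Point's code: a renderer that trusts the sender field fails every time the stored history is replayed, while a validating renderer quarantines the malformed message and keeps the rest of the chat readable. The message layout, the digits-only sender rule and all function names are assumptions.

```python
import re

# Assumption: a sender id is 5 to 20 ASCII digits; the real wire format is not on the page.
SENDER_RE = re.compile(r"[0-9]{5,20}")


def naive_render(msg):
    """Fragile path: assumes the sender field is always numeric."""
    return f"+{int(msg['sender'])}: {msg['text']}"


def safe_render(msg):
    """Hardened path: validate the sender first and return None instead of raising."""
    sender = msg.get("sender")
    if not isinstance(sender, str) or not SENDER_RE.fullmatch(sender):
        return None
    return f"+{sender}: {msg.get('text', '')}"


def open_chat(history, render):
    """Replay stored history, as a client does when a chat is reopened."""
    shown, quarantined = [], []
    for msg in history:
        line = render(msg)
        if line is None:
            quarantined.append(msg)  # kept for diagnostics, never rendered
        else:
            shown.append(line)
    return shown, quarantined


# Constructed sample history: the second message carries a non-numeric sender.
HISTORY = [
    {"sender": "15550100001", "text": "hello"},
    {"sender": "c", "text": "malformed"},
    {"sender": "15550100002", "text": "still readable"},
]


def crashes_on_every_open(history, attempts=3):
    """True if the naive path fails each time the same stored history is replayed."""
    failures = 0
    for _ in range(attempts):
        try:
            open_chat(history, naive_render)
        except ValueError:
            failures += 1
    return failures == attempts
```

Because the malformed message stays in the stored history, the naive path fails on every reopen; validating at render time (and ideally at receive time, before the message is persisted) breaks that loop without discarding the other messages.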

The messages cannot be restored even when all members of the group reinstall WhatsApp. Had the company been unable to patch this flaw in time, attackers might have exploited it to carry out sabotage, given the large user base of the app.

According to Oded Vanunu, Check Point’s head of product, this bug can be used for vandalism or for targeting groups that discuss political matters. If a chat group falls victim to the attack, everything will be gone forever with no chance of restoring it.

This vulnerability was uncovered way back in August as part of a bounty program. Aware of this dangerous bug, the company rolled out a patch for it in its version 2.19.58 a few months ago. This means that to protect yourself from this kind of attack, you need to install the latest update.

Ehren Kret, a software engineer at WhatsApp, said that the company appreciated the effort of the community in helping it maintain the safety of users on the platform. As a result of this finding submitted to its bounty program, they were able to patch the vulnerability in September.

He also mentioned the new addition of a control tool which prevents users from being added to the groups they do not want to join, as well as from communicating with suspicious parties.
