WhatsApp bug allows hackers to crash your app with a single message – and you’ll have to delete it and reinstall it before you can use it again
- Hackers can manipulate a piece of code in the app to create a malicious payload
- It can be sent in a group chat and all users in the chat will see their app crash
- Only way to fix the problem is to reinstall the app and delete the infected group
- WhatsApp has issued a fix for the vulnerability in its latest update
A WhatsApp bug that allows hackers to crash the app by just sending a message has been discovered by cyber security experts.
The bug can only be exploited by people with expert hacker skills, and was found by researchers looking for weaknesses in the WhatsApp code.
One message sent in a group chat causes all members of the group to experience the problem – with phones prompting them to reinstall the app in order to fix it.
The bug was uncovered as part of WhatsApp’s ‘bug bounty’ programme, where savvy tech experts are encouraged to find flaws in the app’s code and report them to the company in exchange for a reward.
The Check Point researchers who discovered the flaw described how they managed to exploit it in a blog post.
The bug exists in the way the app detects user phone numbers and turns them into names.
The researchers were able to edit this feature and weaponise it by inserting a ‘non-digit character’ such as @ or &.
By sending a group-chat message carrying this malformed value, they were able to cause the entire conversation to crash.
The researchers write: ‘The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop.
‘Moreover, the user will not be able to return to the group and all the data that was written and shared in the group is now gone for good.
‘The group cannot be restored after the crash has happened and will have to be deleted in order to stop the crash.
‘In WhatsApp there are many important groups with valuable content.
‘If an attacker uses this technique and crashes one of these groups all chat history will be gone and further communication would be impossible.
‘The impact of this vulnerability is potentially tremendous, since WhatsApp is the main communication service for many people.
‘Thus, the bug compromises the availability of the app which is crucial for our daily activities.
‘In order to recover from the issue, the user has to uninstall WhatsApp, install it again and remove the group which contains the malicious payload.’
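The failure described above (a non-digit character in a sender's phone number, kept with the group so the crash repeats on every reopen) is the kind that validating the sender id before a message is stored would stop. The Python below is an added example, not WhatsApp's or Check Point's code; `GroupChat`, the `participant` field and the 5-digit minimum are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumption: a sender id is an ASCII-digit phone number (E.164 allows at most
# 15 digits). [0-9] with fullmatch() rejects Unicode digits and a trailing
# newline, both of which r"\d+$" with match() would let through.
SENDER_RE = re.compile(r"[0-9]{5,15}")


@dataclass
class GroupChat:
    contacts: dict                       # phone number -> display name
    messages: list = field(default_factory=list)
    quarantined: list = field(default_factory=list)

    def ingest(self, raw: dict) -> bool:
        """Validate the sender id before the message is stored with the chat."""
        sender = raw.get("participant")
        if not isinstance(sender, str) or not SENDER_RE.fullmatch(sender):
            # Reject this one message only. Because it is never persisted in the
            # chat history, reopening the group cannot replay the bad input.
            self.quarantined.append(raw)
            return False
        self.messages.append({"participant": sender, "text": str(raw.get("text", ""))})
        return True

    def render(self) -> list:
        """Turn numbers into names; unknown numbers are shown as the number."""
        return [
            f"{self.contacts.get(m['participant'], '+' + m['participant'])}: {m['text']}"
            for m in self.messages
        ]


# Constructed sample input, not captured traffic.
SAMPLE = [
    {"participant": "447700900123", "text": "hello"},
    {"participant": "44770090@123", "text": "x"},    # non-digit character
    {"participant": None, "text": "y"},              # missing sender
    {"participant": "15555550100", "text": "hi all"},
]


def demo():
    chat = GroupChat(contacts={"447700900123": "Alice"})
    accepted = [chat.ingest(m) for m in SAMPLE]
    return accepted, chat.render(), len(chat.quarantined)
```
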
WhatsApp was made aware of the problem by the researchers, and patched the problem in an update around three months ago, ensuring most users are protected from the unlikely hack.
WhatsApp Software Engineer Ehren Kret said: ‘WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally.
‘Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid September.
‘We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties altogether.’