Security researchers at Check Point announced on Wednesday, 18 December 2019, that they have detected a serious defect in WhatsApp, currently the world’s most popular instant messaging application owned by Facebook and used by over 1.5 billion people. The defect would enable a bad actor to deliver a destructive group chat message that produces a swift and complete crash of the entire application for all members of the group chat.
The crash is so severe that users are forced to uninstall and reinstall the application, in order to gain proper use of WhatsApp. Furthermore, the user would be unable to return to the group chat, which would lead to the loss of all group chat history, indefinitely. The group chat would then not be able to be restored after the crash occurs and would need to be deleted in order to stop the crash-loop.
To create the malicious message that would impact a WhatsApp group, the bad actor would need to be a member of the target group (WhatsApp allows up to 256 users per group). From there, the bad actor would need to use WhatsApp Web and their web browser’s debugging tool to edit specific message parameters and send the edited text to the group. This edited message would cause a crash loop for group members, denying users access to all WhatsApp functions until they reinstall WhatsApp and delete the group with the malicious message.
“Because WhatsApp is one of the world’s leading communication channels for consumers, businesses and government agencies, the ability to stop people using WhatsApp and delete valuable information from group chats is a powerful weapon for bad actors. All WhatsApp users should update to the latest version of the app to protect themselves against this possible attack,” says Oded Vanunu, Check Point’s Head of Product Vulnerability Research.
Edited by Jenna Delport
Follow Jenna Delport on Twitter
Follow IT News Africa on Twitter
