App used by 1.5 billion has "crucial" flaw
A surprising flaw in the popular app WhatsApp allows hackers to crash the app by sending a simple text message.
The flaw is so serious that the text can force users to reinstall WhatsApp to fix the issue and group chats impacted by the issue disappear forever.
Cyber experts at security firm Check Point discovered the flaw, saying that one text can crash multiple phones in one go.
“The impact of this vulnerability is potentially tremendous, since WhatsApp is the main communication service for many people,” Check Point researchers explained.
“Thus, the bug compromises the availability of the app which is a crucial for our daily activities.”
With as many as 65 billion messages being sent via WhatsApp every day, bugs in the system can impact massive numbers of people.
Once you’ve received the message in a group chat, the app crashes for everyone in the chat and will require you to uninstall and reinstall WhatsApp.
After the app has been reinstalled, you will be unable to return to your group chat or access the chat history.
When a user sends a message inside a group chat, the app examines the data to discover who sent the message.
Check Point have since created a tool that accesses this data and edits it, replacing it with a message that causes the app to crash.
“The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop,” Check Point explained.
“Moreover, the user will not be able to return to the group, and all the data that was written and shared in the group is now gone for good.
“The group cannot be restored after the crash has happened and will have to be deleted in order to stop the crash.”
Naturally, WhatsApp have already fixed the bug, but you’ll need to update the app to make sure you’re safe. If the app is updated to the latest version already, it’s impossible for your phone to be attacked by this bug.
“WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally,” said WhatsApp software engineer Ehren Kret in a statement sent to The Sun.
“Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid-September.
“We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties altogether.”