HomeWinBuzzer NewsWhatsApp's Latest Flaw Could Have Let Attackers Crash Loop the App at...

WhatsApp’s Latest Flaw Could Have Let Attackers Crash Loop the App at Will

A WhatsApp flaw let researchers crash group chat victim's phones, forcing and uninstall and deletion of the entire message history.

-

Another flaw has been found in the -owned , just days after the reveal of a video issue that enabled remote code execution. Thankfully, this one is unlikely to lead to malware installation and has already been fixed.

If exploited, however, it could have proved extremely annoying. By using WhatsApp Web, its WhatsApp Manipulation Tool, and a Python server, Check Point Research was able to crash the app for all participants in a group conversation.

Further, it was able to put WhatsApp into a crash loop on those devices via a Null Pointer Exception, modifying a participant's phone number to a non-supported one. The crash loop can only be resolved if a user clears their app cache or reinstalls, and the chat history must be wiped for the app to resume functioning. This means attackers could have potentially deleted important data from a WhatsApp group.

“The impact of this vulnerability is potentially tremendous, since WhatsApp is the main communication service for many people,” said Check Point. “Thus, the bug compromises the availability of the app which is a crucial for our daily activities.”

Those with version 2.19.246 and higher should be safe from the bug, which was discovered in August 2019. Needless to say, we're thankful that researchers found this before it caused any real damage.

Still, the volume of WhatsApp vulnerabilities discovered towards this year is concerning. As well as video files, an RCE flaw was found in GIF files in October, and one in May let attackers deploy spyware via unanswered video calls.

It adds another factor when it comes to calls for splitting up Facebook's empire. Should it combine the backends of Messenger, WhatsApp, and chat as planned, poor security could mean a single flaw brings users' entire communications network to the ground.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News