WhatsApp's 600-million-strong user base is reportedly at risk of remote crashes. According to the latest discovery, anyone can remotely crash your WhatsApp by simply sending a specially crafted message.
WhatsApp crash vulnerability:
This discovery was made by independent security researchers based in India. 17-year-old Indrajeet Bhuyan and Saurav Kor shared a video demonstration of this WhatsApp Message Handler vulnerability, which allows anyone to remotely crash WhatsApp.
In the video demonstration, they showed how a 2000-word message (2kb in size) in a special character set can crash the WhatsApp messenger app. Previously it was discovered that sending a huge message (greater than 7mb in size) on WhatsApp could crash the victim's device and app immediately, but with this new exploit an attacker only needs to send a very small message (approx 2kb) to the victim.
This WhatsApp vulnerability affects all Android versions from KitKat and below and reportedly affects the app on iOS too. However, the attack does not work on Windows 8.1. If someone sends you a message to crash your app, you will have to delete the entire chat with the sender to get rid of the crashing issue.
Which brings us to the more important point of this type of attack: as also pointed out by The Hacker News (who were sent the first emails from the hacker duo), this attack could be used to delete a group or thread on another user's device. If you have said something that you now want deleted, you can send this exploit and leave the recipient with no option but to delete the entire thread. This could potentially harm a user's privacy and security, as threatening or harassing messages that could otherwise be used as evidence would be deleted along with the thread.
WhatsApp is the world's foremost messaging app, loved by one and all. While the app received a little pushback after Facebook acquired it, it recently announced end-to-end encryption on the platform, securing users' data from unwanted intrusion. We still await a response from WhatsApp, as this is a major incident in the history of the app that could be potentially harmful to users.
- Source and report: The Hacker News