WhatsApp bug crashes app and completely wipes out group chats with a single message
Researchers urge users to update app to latest version immediately to protect against 'powerful weapon'
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A major flaw with WhatsApp has been discovered that allows people to wreak havoc in group chats and crash the messaging app for all members.
Researchers at cyber security firm Check Point said the issue means that people can send a destructive group chat message that causes a swift and complete crash of the entire WhatsApp application for all members of the group.
The crash bug is so severe that anyone affected is forced to uninstall and reinstall WhatsApp on their phone or device in order to use it again. Once reinstalled, the user would be unable to return to the group chat or access any of the group's chat history.
WhatsApp was informed of the vulnerability and issued a fix, though Check Point warned that users must update the app to the latest version in order to protect themselves against the attack.
“The ability to stop people being able to use WhatsApp and to delete valuable information from group chat histories is a powerful weapon,” Oded Vanunu, Check Point’s head of product vulnerability research, told The Independent.
The bug was first discovered in August 2019 and Mr Vanunu said he was not aware of any cases where the vulnerability has yet been exploited by hackers.
Check Point published a video explaining how an attacker would be able to take advantage of the flaw in order to crash WhatsApp for other users.
The method involves launching the attack using WhatsApp Web and the browser debugging tool available in all web browsers.
With more than 1.5 billion users globally, any bugs within WhatsApp can have sever consequences on a massive scale. A fix for the issue was rolled out in WhatsApp version 2.19.58 in mid-September, though any versions that were downloaded before that and not updated remain at risk.
“WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally,” said WhatsApp Software Engineer Ehren Kret.
“Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid-September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all together.”
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments