Researchers at Check Point Software Technologies, an Israeli company specializing in cybersecurity products, announced that they had discovered a serious WhatsApp malfunction (bug), which could compromise the functioning of the messaging app. The flaw allowed a person to send a message in a group chat which would then cause the application to crash unexpectedly for all members of the group. This issue has been fixed in an update, but several users may still be affected if they haven't upgraded to the new version.
In the event of an attack, the issue forced group members to uninstall and reinstall the app in order to get back to using it properly. The researchers explain that the affected group chat cannot be restored after the crash and that it must be deleted to stop the continuous crash. Once the app is reinstalled, therefore, users could no longer re-enter the group chat, which would lead to the loss of its history.
According to Check Point, the attack begins with a hacker who gains access to a WhatsApp group and becomes a member of the chat. After that, “modify some specific parameters of the message and send modified malicious messages to the group”. To carry out the attack the hacker uses WhatsApp Web, the tool to use the app on their computer, and once the message is sent, the app crashes continuously and unstoppable for all members of the group chat.
Check Point said it discovered the flaw in an investigation carried out last August for a WhatsApp bounty program, which is a program that allows developers to discover and fix bugs before they become public. WhatsApp recognized the survey results and solved the problem with a fix available in version 2.19.58 of the app. WhatsApp released the version in mid-September and added new controls to prevent people from being added to unwanted groups to prevent them from being contacted by untrusted users. The advice is therefore to check the WhatsApp version and update if you are using a version older than 2.19.58.
