Latest in Gear

Image credit: SOPA Images via Getty Images

WhatsApp exploit let one message render the app unusable for entire groups

The issue has been patched, so remember to update your apps.
121 Shares
Share
Tweet
Share

Sponsored Links

SOPA Images via Getty Images

WhatsApp may be one of the most popular messaging apps, but it has had its share of security issues. Security research group Check Point Research today announced the existence of another one, having recently uncovered a defect through which a single malicious user could crash the apps of all members of a group chat.

After joining a group chat, a user could edit specific message parameters using the WhatsApp web interface and a browser debugging tool. Then they could create an "unstoppable crash-loop for all group chat members" which could only be fixed by uninstalling and reinstalling the app. The exploit would prevent members from returning to the group and and also lose all history of the chat.

This follows another WhatsApp vulnerability discovered by Check Point last year. The FakesApp vulnerability, as it is known, allowed people to manipulate messages in group chats to make it appear as if other users had said things they had not. This worked by manipulating the parameters used by the WhatsApp web interface to fake the apparent sender of a message.

After finding the latest defect, Check Point disclosed the problem to WhatsApp in August as part of a bug bounty program. WhatsApp patched the issue in September with version 2.19.58, so take this as a reminder to keep your apps up to date.

Confirming the patch, WhatsApp Software Engineer Ehren Kret said: "WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally. Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all together."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
121 Shares
Share
Tweet
Share

Popular on Engadget

Ford hopes you'll trade some privacy for discounted car insurance

Ford hopes you'll trade some privacy for discounted car insurance

View
Bethesda games leave GeForce Now streaming service

Bethesda games leave GeForce Now streaming service

View
Samsung temporarily shuts down phone factory following coronavirus case

Samsung temporarily shuts down phone factory following coronavirus case

View
Hitting the Books: A brief history of industrial espionage and corn

Hitting the Books: A brief history of industrial espionage and corn

View
'Minecraft Earth' gets a bit more physical thanks to new NFC-enabled minis

'Minecraft Earth' gets a bit more physical thanks to new NFC-enabled minis

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr