WhatsApp users across the world have recently been reporting a maliciously crafted message, received in group chats, that forces them into a frustrating crash loop. Receiving the message crashes the app, and when the user tries to open the group chat to delete it, the app crashes again, leaving the user in a never-ending crash loop.
Discovered by researchers at the Israeli cybersecurity company Check Point, the bug resided in WhatsApp's implementation of the XMPP communication protocol, which crashes the app when a member with an invalid phone number posts a message in the group.
The bug resided in WhatsApp for both Android and iOS, but according to recent findings by Roman Zaikin, a cybersecurity researcher at Check Point, the bug is more effective against Android users than iOS users, although both are targets.
To carry out this attack, attackers leverage WhatsApp Web and a web browser's debugging tool in combination with an open-source WhatsApp manipulation tool released by Check Point last year.
"When we attempt to send a message where the parameter 'participant' receives a value of 'null,' a 'Null Pointer Exception' is thrown," the researchers explain.
"The parser for the participant's phone number mishandles the input when an illegal phone number is received. When it receives a phone number with a length not in the range 5-20 or a non-digit character, it would read it as a 'null' string."
Since the app crashes every time an affected user opens the group chat to delete the message, the only way to delete the message is to completely uninstall the app, reinstall it and permanently delete the group chat.
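The failure mode described above, as an added Python example that is not part of the original article and is not WhatsApp's code: a parser applying the quoted rule (5 to 20 digits) returns None for an illegal participant, an unchecked renderer fails on it at every chat open, and validating before the message is stored breaks the loop. All function names and sample messages are constructed, and Python's TypeError stands in for the Null Pointer Exception.

```python
import re

# Rule quoted in the article: a legal participant number is 5-20 digits.
# [0-9] rather than \d, so non-ASCII Unicode digits are rejected as well.
PHONE_RE = re.compile(r"[0-9]{5,20}")

def parse_participant(raw):
    """Return the number, or None when the field is missing or illegal."""
    if isinstance(raw, str) and PHONE_RE.fullmatch(raw):
        return raw
    return None

def render(msg):
    """'Before' behaviour: uses the parse result without a None check."""
    sender = parse_participant(msg.get("participant"))
    return "..." + sender[-4:] + ": " + msg["text"]  # TypeError if sender is None

def open_chat(history):
    """Every stored message is rendered again on each chat open."""
    return [render(m) for m in history]

def ingest_unchecked(history, msg):
    history.append(msg)  # stored exactly as received
    return True

def ingest_validated(history, msg):
    """Hardened: an illegal participant is dropped before it is stored."""
    if parse_participant(msg.get("participant")) is None:
        return False
    history.append(msg)
    return True

def survives_reopen(ingest, messages, opens=3):
    """Feed messages through `ingest`, then open the chat `opens` times."""
    history = []
    for m in messages:
        ingest(history, m)
    try:
        for _ in range(opens):
            open_chat(history)
    except TypeError:
        return False
    return True

# Constructed sample messages (assumed field names, not captured traffic).
SAMPLE = [
    {"participant": "972501234567", "text": "hello"},
    {"participant": "1234", "text": "too short"},
    {"participant": "97250abc4567", "text": "non-digit"},
    {"participant": None, "text": "missing"},
]
```

`survives_reopen(ingest_unchecked, SAMPLE)` returns False because the stored message fails on every open, while `survives_reopen(ingest_validated, SAMPLE)` returns True.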
As of now, WhatsApp has provided a security patch for the issue in WhatsApp version 2.19.58. WhatsApp developers have also added new controls to prevent people from being added to unwanted groups, so that users can avoid communication with untrusted parties altogether.
Users are advised to always keep the app updated to protect themselves from similar attacks.