WhatsApp has patched a vulnerability that could allow hackers to deliver a malicious group message to repeatedly crash the app for members of the group.
According to a report by Check Point Research, this bug which was discovered in August this year, is capable of causing a crash loop that could only be fixed by uninstalling and re-installing the WhatsApp app.
But that doesn't end there. Even after re-installing the WhatsApp app, affected users won't be able to return to the group that the bug was exploited in, thus will loose all the messages and media files that were exchanged in the group.
"In a typical scenario, when a user in a WhatsApp group sends a message to the group, the application will examine the parameter participant to identify who sent the message. While using our tool we were able to access this parameter and edit it.
"In order to exploit it this bug we would need to replace the participant's parameter from the sender phone number to any non-digit character(s) e.g. '[email protected]',"Check Point said.
When the bad actor has sent this message, the WhatsApp app will crash on all the members phone and will continue to crash even after the Facebook owned app is reopened, resulting in a crash loop and as well wiping all data shared in the group.
Also Read: 29 Android Malicious Apps With Over 10 Million Downloads Kicked From The Play Store
Even after members have uninstalled and re-installed the WhatsApp app, they will be forced to delete the group in order to stop the crash.
"Because WhatsApp is one of the world's leading communication channels for consumers, businesses and government agencies, the ability to stop people using WhatsApp and delete valuable information from group chats is a powerful weapon for bad actors," said Oded Vanunu, Check Point's Head of Product Vulnerability Research, in a media statement.
Check Point Research reported the issue to WhatsApp on August 28, 2019, and it was fixed in version 2.19.246 and onwards in mid-September.
"WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally," WhatsApp Software Engineer Ehren Kret said in a statement. "Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved the issue for all WhatsApp apps in mid-September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all together."
WhatsApp has a strong base of over 1.5 billion users across the world and the Facebook owned messaging app is encouraging users to update their app to the latest version.