WhatsApp faces vulnerability with a 2000 character message


Recently, vulnerability was discovered in WhatsApp by two 17 year old India-based independent security researchers – Saurav Kar and Indrajeet Bhuyan. They demonstrated how a simple text message with two thousand characters which was about 2KB in size could crash one’s WhatsApp when it was sent to them.

When you attempt to go back to the message, it will cause another force close, leading to the crash. So, the only way you can rectify this is you will have to delete the entire conversation with the person who sent the message to you. You can use to message to troll your friends or wipe their chat history with you. In a group message setting, it would force people to remove themselves from the group.

The act was demonstrated by the students on a screencast video and noted that they have tested it on WhatsApp versions 2.11.431 and 2.11.432. Also, it is found to affect any Android device up to Android 4.4 KitKat. There are chances the WhatsApp could also be victim to the exploit on Lollipop though it is possible the latest version of Android has not been tested yet. The good news is that this trick does not work on Windows Phone 8.1 and it has to be tested yet on iOS.

However, we all know that this is not the first time that a messaging exploit has cause apps to crash. Earlier, the Hangouts suffered a similar bug if people were to spam their chat messages with a lot of emoticons, called the ‘emoticon bomb’. This has also affected WhatsApp in a similar way.

WhatsApp, which was  acquired by Facebook for $19 billion early this year in the month of February, has about 600 million users. Research was carried on and it says that about five hundred million users could be affected by the vulnerability. WhatsApp was in the news recently for making end to end encryption on all text messages as a default feature to boost online privacy.

Via: The Hacker News