WhatsApp Fixes Yet Another Group Chat Security Gap

One of the most popular features of Facebook-owned WhatsApp is group messaging, which turns the app's end-to-end encrypted chats into social groups that can include up to 256 participants. But recent stumbles in group chat security—including a bug that could have let a hacker crash the app entirely—have shown that WhatsApp may need to keep a closer eye on these communal hubs.


That specific vulnerability, disclosed by security firm Check Point in August and patched in September, would have let a hacker cause group chat chaos with a specially crafted message. To stop their app from failing every time they opened the infected thread, recipients would have to uninstall WhatsApp altogether, reinstall it, and delete the compromised group chat from their account. Victims who didn't back up their WhatsApp data would lose everything in the uninstall process, and even those with backups would give up the contents of the affected chat, since it has to be removed without reopening it to stop the crash cycle.

"People could get these messages and the application will crash and they would not understand what to do—they will not know to uninstall and reinstall the app and then delete the group," says Oded Vanunu, Check Point's head of product vulnerability research. "For us it's very important to understand an application that is one of the main communication channels in the world. We already see that bad actors are using WhatsApp to attack targets, so it’s not the type of thing that's out of the norm."

In addition to denial of service and potential loss of data, Vanunu points out that a crafty attacker could also exploit the bug stra ..
