The WhatsApp vulnerability could let a hacker crash people’s group chats, forcing the user to uninstall the app and ultimately lose their saved WhatsApp data.
Check Point Research originally exposed the bug back in August 2019 and reported it to WhatsApp at the time. The company responded by swiftly releasing a fix in the 2.19.246 app update – but anyone still using a previous version of WhatsApp could be vulnerable to attacks.
Although Check Point discovered the problem a while ago, it only recently exposed just how disruptive the bug could be for users. Hackers can effectively send a message within a group that would crash the chat and continue to do so even if the app is reloaded, creating an irritating ‘crash-loop’.
The only way for any members of the group to get WhatsApp functionality back on their phones would be by reinstalling the app completely and deleting their old chat. This means losing all your group’s history and data, so wave buh-bye to all those shared holiday snaps and in-joke memes.
It’s the latest in a series of headaches for WhatsApp that have been caused by security issues. For a long time spammers were adding strangers to groups and either trying to sell them junk or feeding them misinformation. And before that, hackers managed to install spyware on users’ phones just by calling them.
“Because WhatsApp is one of the world’s leading communication channels for consumers, businesses and government agencies, the ability to stop people using WhatsApp and delete valuable information from group chats is a powerful weapon for bad actors,” said Oded Vanunu, Check Point’s Head of Product Vulnerability Research.
There haven’t been any reports of the vulnerabilities being exploited so far, but it’s still vital that WhatsApp users upgrade to the latest version for security reasons.
In relation to the issue, WhatsApp Software engineer Ehren Kret said: “WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally. Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all together.”
At present, it’s not clear how many users are still operating on the older version of WhatsApp, where the vulnerability was originally found.