A security researcher has found a way to crash WhatsApp by bombarding a victim with emoji. For example, the software appears to crash if more than 4000 emoji are sent in a message.
The bug was discovered by Indrajeet Bhuyan, who describes himself as an independent security researcher. With WhatsApp, problems occur in both the web version and the mobile version if an attacker bombards a victim with emoji. The chat service crashes if a conversation is opened where a malicious person sends more than 4,000 emoji in a message, according to a demonstration of the bug.
Due to the issues, a chat can no longer be opened and must be deleted. Incidentally, the problems mainly occur on the Android operating system. Several smartphones, including the relatively new OnePlus Two, suffered from crashing calls. On iOS, messages with thousands of emoji cause a short freeze, but the software does not crash, according to the researcher.
The bug is similar to an issue previously identified where sending large messages resulted in a crash. WhatsApp fixed this by setting a character limit, but it turns out that this is not strict enough for emoji. It is likely that, as the problems come out, a stricter limit on the number of emoji per message will still be set.