Security researchers find WhatsApp bug that causes conversations to crash

Security researchers have found a bug that allows them to send WhatsApp messages that cause the app to go into a crash loop. Only a reinstall of the app can fix the bug. WhatsApp has released a fix.

According to the security researchers at Check Point Research, the bug is in the xmpp protocol. The app would use the phone number associated with messages to identify who the message comes from. The app can only handle phone numbers that consist entirely of numbers and are between five and twenty characters long.

To exploit the bug, attackers must first be able to decrypt messages so that they can edit them. According to the researchers, this can be done via WhatsApp Web, as they described earlier. When the encryption keys are obsolete, messages in private and group messages can be decrypted and read in json format.

Then the telephone number can also be adjusted. Strings other than those mentioned earlier, such as an email address, return a null value. That null value causes the application to crash, in the case of group messages WhatsApp will also crash on every participant’s phones. When the app opens after that, it crashes again.

According to the security researchers, the only way to restore the app is by reinstalling the application and then deleting the group. As a result, all data in that group app, such as messages and photos, is no longer available. Both Android and iOS users are prone to this bug.

As a result, the consequences of this bug, according to the researchers, are “possibly huge”, because important information can be shared in group messages. The researchers discovered this problem in August and then informed WhatsApp. The bug has since been fixed in WhatsApp versions 2.19.246 and above.