WhatsApp is one of the most popular messaging apps. The messaging service boasts end-to-end encrypted chat and groups that can include as many as 256 participants. A new bug has come to light that is capable of crashing the app entirely and letting hackers cause mayhem.
The vulnerability was discovered back in August by Check Point and allowed hackers to infiltrate by using a customized message. Once infected, WhatsApp would crash every time the user opened the thread. The only solution was to delete WhatsApp, reinstall it, and exit the infected group. The attacker works by using WhatsApp Web and other tools like Google Chrome DevTools to create a message with specific elements.
The perils of the WhatsApp bug extend much further. For instance, an attacker can exploit the bug to crash WhatsApp and then use the opportunity to send phishing SMS messages, knowing that the victim’s WhatsApp is not accessible. It is also possible for the bad actor to send a malicious link that entices users to back up their WhatsApp data. Furthermore, this bug renders all the data present in the group chat useless, and thus causes data loss as well.
Thankfully, the company claims that no one seems to have exploited the bug. Ehren Kret, a WhatsApp Software Engineer, says, “We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties.” In other words, the new feature has rendered the exploit useless as you will not be able to add random users to WhatsApp groups.
It is not easy to maintain an entire ecosystem of end-to-end encryption. We need to realize that WhatsApp is closely integrated with other services like Instagram and Facebook Messenger. A weak link in any one of the services has the potential to impact others. Lastly, it is good to see that WhatsApp almost immediately sprang into action and fixed the bug. [via ZDNet]