• Contact Us
  • Login
Upgrade
Tech News Hero
Advertisement
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
Tech News Hero
No Result
View All Result
Home Social

WhatsApp Bug Could Let Attackers Crash the App, Delete Group Messages: Check Point

by technewshero
December 18, 2019
in Social
0
Share on FacebookShare on Twitter

WhatsApp has fixed a bug that could have allowed attackers to deliver a malicious group message to repeatedly crash the app for all the members of the group, a report by Check Point Research revealed on Tuesday. The bug, which was discovered in August, is said to have the potential to cause a crash loop that could only be fixed by completely uninstall and reinstall the app. Even after reinstalling, users wouldn’t be able to return to the affected group and hence would lose all the messages and media content exchanged in that particular group.

According to the blog post by Check Point Research detailing the bug, an attacker would need to be a member of the target WhatsApp group to impact its other members. The instant messaging app has a limit of 256 members per group, which isn’t too small to make room for a bad actor.

Once they have gained membership, the bad actor would need to use WhatsApp Web and debugging tool like Google Chrome’s DevTools to edit specific message parameters that cause the crash loop for all group members.

The bug was found by the Check Point Research team after inspecting the communications between WhatsApp and WhatsApp Web. The researchers were able to manipulate the parameters used for WhatsApp communications that could cause repeated crash. Furthermore, technical details of the bug have been published in the blog post.

Although the affected users would be able to fix the crash loop by reinstalling WhatsApp on their devices, the bug forces them to delete the group that removes all its messages and media content.

“Because WhatsApp is one of the world’s leading communication channels for consumers, businesses and government agencies, the ability to stop people using WhatsApp and delete valuable information from group chats is a powerful weapon for bad actors,” said Oded Vanunu, Check Point’s Head of Product Vulnerability Research, in a media statement.

Check Point Research disclosed its findings to the WhatsApp bug bounty programme on August 28. WhatsApp has fixed the flaw starting its Android version number 2.19.58. Moreover, users, especially those who haven’t updated WhatsApp since the middle of September, are recommended to download the latest version to prevent instances of crashes through malicious group messages.

The latest fix comes weeks after WhatsApp was found to include an MP4 file security flaw that could be used to trigger remote code execution (RCE) or denial-of-service (DoS) attacks. The Facebook-owned app also in September fixed a bug that could let attackers steal user data directly through a malicious GIF file.

WhatsApp has a strong base of over 1.5 billion users across the globe — with more than 400 million users in India alone. This gives a significant reason to researchers to actively dig in and find new vulnerabilities.

Previous Post

Americans trust Google more than Apple to keep their data safe

Next Post

Family Ghost’s Sam Dingman – TechNewHero

technewshero

technewshero

Related Posts

Are WhatsApp and Jio Cooling Off on Payments Partnership?
Social

Are WhatsApp and Jio Cooling Off on Payments Partnership?

by technewshero
January 13, 2021
TikTok US Ban: Trump Administration Appeals Federal Order Blocking App Restrictions
Social

TikTok US Ban: Trump Administration Appeals Federal Order Blocking App Restrictions

by technewshero
January 14, 2021
From Zoom to Quibi: Tech Winners and Losers of 2020
Social

From Zoom to Quibi: Tech Winners and Losers of 2020

by technewshero
January 15, 2021
Walmart Partners With TikTok to Sell Merchandise While Livestreaming
Social

Walmart Partners With TikTok to Sell Merchandise While Livestreaming

by technewshero
December 21, 2020
Twitter to Finish Delayed Fleets Rollout by November 20, Product Lead Kayvon Beykpour Says
Social

Twitter Verification Policy Revamped, Will Be Implemented on January 20 Next Year

by technewshero
December 21, 2020
Next Post

Family Ghost's Sam Dingman – TechNewHero

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Most Popular

Over 1,000 Android apps were found to steal your data. Here’s what you can do

Over 1,000 Android apps were found to steal your data. Here’s what you can do

December 15, 2020

The best cheap phones in the US 2020

January 22, 2020

Windows 10 recovery: Microsoft borrows Apple’s Mac cloud reinstall feature

July 30, 2019

Browse by Category

  • Apps
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • News
  • PC & Laptops
  • Security
  • Social
Tech News Hero

© 2020 Tech News Hero.

No Result
View All Result
  • Home
  • Landing Page
  • Buy JNews
  • Support Forum
  • Contact Us

© 2020 Tech News Hero.

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?