A Vulnerability is found in the popular WhatsApp, that permits anyone to
remotely crash WhatsApp simply by causing a specially crafted message, 2
security researchers reported ‘The Hacker News’.
Two freelance security researchers, Indrajeet Bhuyan and Saurav Kar, each
17-year previous teenagers incontestible the WhatsApp Message Handler
vulnerability to at least one of our security analyst.
In a video demonstration, they showed that however a 2000 words (2kb in size)
message in special list will crash Whatsapp . Previous it absolutely was
discovered that causing a large message ( larger than 7mb in size) on Whatsapp
might crash victim's device and app straightaway, but using this new exploit
attacker only need to send a very small size (approx 2kb) message to the
victim.
The impact of the vulnerability is that the user who received the message will
have to delete his/her whole conversation and start a new chat as
opening the message keeps on crashing WhatsApp unless the chat is deleted
completely.
"What makes it more serious is that one needs to delete entire chat with the
person they are chatting to in order to get back whatsapp work in normal,"
Bhuyan told THN in an e-mail.
According to the them, the vulnerability which was reported has been tested
and it works on almost all of the versions of Android Operating system
even Jellybean, Kitkat, and all the below android versions.
Similarly, Any member of your WhatsApp group could intentionally send a
specially crafted message to exit people from the group and delete the group.
If you don’t want someone to keep history of your chat with him/her or
them, then you can send the exploit to that person.
The vulnerability is'nt reported on iOS, but it is possible that all versions of
WhatsApp namely 2.11.431 and 2.11.432 are prone with this bug. This exploit
does not work on Windows 8.1.
They have also provided the Proof-of-Concept (PoC) video for the attack, users
can watch above.
WhatsApp made end-to-end encryption on all text
messages as a default feature in an to Increase the online privacy and
security of its users around the Globe. The app maker describes this Step as
the Largest Deployment Of End-To-End Encryption Ever.