WhatsApp flaw allowed attackers to crash app via group chat message: Check Point Research

The new vulnerability crashed the entire application, and WhatsApp had to be reinstalled before it could be used again.


Cybersecurity solutions provider Check Point Research has discovered a new vulnerability in WhatsApp. The Facebook-owned instant messaging platform was open to an attack that could allow any bad actor to crash the application by delivering malicious group chat messages.


This vulnerability affected all WhatsApp users present in groups. According to the report by Check Point Research, an attacker could send harmful messages to groups via WhatsApp Web. By editing certain message parameters using the web browser’s debugging tool, the attacker could send the edited message to the group, ultimately putting every member’s app into a crash loop. Affected users could not use WhatsApp again until they uninstalled and reinstalled the app.

WhatsApp has fixed the flaw as of version 2.19.58. Check Point Research disclosed its findings to the company’s bug bounty program back in August, and a fix was eventually developed.

Check Point’s Head of Product Vulnerability Research Oded Vanunu said, “Because WhatsApp is one of the world’s leading communication channels for consumers, businesses and government agencies, the ability to stop people using WhatsApp and delete valuable information from group chats is a powerful weapon for bad actors. All WhatsApp users should update to the latest version of the app to protect themselves against this possible attack.”

In a statement to Tech2, WhatsApp Software Engineer Ehren Kret said, “WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally. Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid-September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties altogether.”
