KUALA LUMPUR — A cybersecurity firm discovered a flaw in WhatsApp group chats that could allow malicious parties to crash the app for everyone in the group, simply by sending a malicious group chat message.
“This message would cause a crash loop for group members, denying users access to all WhatsApp functions until they reinstall the app and delete the group with the malicious message,” Check Point Research stated in a press release.
Its product vulnerability research head Oded Vanunu said that WhatApp’s popularity among consumers, businesses and government agencies made the ability to make people stop using WhatsApp and delete valuable information from group chats a powerful weapon for bad actors.
The firm pointed out that WhatsApp has 1.5 billion users and more than a billion groups, with over 65 billion messages sent per day.
However, Check Point noted some limitations to the flaw: the bad actor would need to be a member of the group being targeted, and would also need to use WhatsApp Web and their web browser’s debugging tool to edit “specific message parameters” before sending the edited text to the group.
The firm said they disclosed its findings to the WhatsApp bug bounty programme on Aug 28.
According to Check Point, WhatsApp has acknowledged its findings and developed a fix, which is available for version number 2.19.58 and newer. Users are urged to update their app to safeguard their information.