430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Crashing WhatsApp by sending a specially crafted message

Indian researchers have discovered a flaw in WhatsApp that allows anyone to remotely crash the popular mobile app by sending a specially crafted message. A “nice” vulnerability has been discovered in the popular messaging app WhatsApp that could be exploited by an attacker to remotely crash the mobile app just by sending a specially crafted message. The […]

whatsapp

Indian researchers have discovered a flaw in WhatsApp that allows anyone to remotely crash the popular mobile app by sending a specially crafted message.

A “nice” vulnerability has been discovered in the popular messaging app WhatsApp that could be exploited by an attacker to remotely crash the mobile app just by sending a specially crafted message. The news was reported by two Indian security researchers that contacted the colleagues at ‘The Hacker News’.

The two India based researchers, Indrajeet Bhuyan and Saurav Kar, are very young, they are both 17-year old teenagers and have reproduced the exploitation of the vulnerability in the WhatsApp Message Handler.

whatsapp hack-valunerbility-app

TheHackersNews portal has published a video PoC in which is demonstrated that by sending a 2000 words (2kb in size) message in a special character set is possible to cause the crash of the WhatsApp recipients’ app.

As explained by the researchers, the bug in the WhatsApp is really worrying because in order to restore a normal operation, the targeted user will have to delete his whole conversation and start a new chat session. This anomalous behavior is caused by the presence of the malicious message within the chat messages that will cause the WhatsApp crash unless the chat is deleted completely.

“What makes it more serious is that one needs to delete entire chat with the person they are chatting to in order to get back whatsapp work in normal,” Bhuyan told THN in an e-mail.

The serious flaw affects most of the Android versions currently available on the market including Jellybean, Kitkat, and all the below android versions.

Also WhatsApp groups are seriously impacted by the vulnerability, an attackers could intentionally send a specially crafted message to exit people from the group and delete the group. Just by sending a specially crafted message is possible to avoid that a member of the group maintains trace of attacker’ chat with him, because the message will cause the crash of the targets.

The Indian researchers still haven’t massively tested the flaw in iOS version of WhatsApp, meanwhile the attack doesn’t work on Windows 8.1.

These guys are really a wonder, what do you think?

Pierluigi Paganini

(Security Affairs –  WhatsApp, hacking)