Wednesday, December 31, 2014

Crash friends' WhatsApp with just a message


Two India-based security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year-old teenagers, have found a vulnerability in the popular messaging app WhatsApp that allows anyone to remotely crash WhatsApp just by sending a specially crafted message.

In a demonstration, they showed how a 2000-word (2kb in size) message written in special characters can crash the WhatsApp messenger app of both the person who receives it and the person who sends it. A similar vulnerability existed in WhatsApp previously: if a person sent a huge message (larger than 7mb), it would immediately crash both the victim's device and the app. This new exploit, however, allows an attacker to send a very small message (2kb) to the victim.

The user who receives the specially crafted message will have to delete his/her whole conversation with the attacker and start a new one, because opening the message keeps crashing WhatsApp.

According to the duo, the reported vulnerability has been tested on Gingerbread, Jelly Bean, KitKat, and all the above Android operating systems, and it works successfully on them.

Similarly, in a WhatsApp group, if a group member intentionally sends a specially crafted message, then everyone will have to exit the group. Also, for example, if I don't want someone to have records of my chat with them, then I can simply send the same message exploit to that person.

This vulnerability has not been tested on iOS, but it is certain that all versions of WhatsApp are affected by this bug, including 2.11.431 and 2.11.432. However, the attack does not work on Windows 8.1.

WhatsApp, which was bought by Facebook for $19 billion in February 2014, has over 600 million users at the time of writing this post, and according to the researchers the number of users affected by this vulnerability could be 500 million.
           

Recently WhatsApp was in the news for making end-to-end encryption on all text messages a default feature to boost the online privacy and security of its users. The app maker describes this as the “largest deployment of end-to-end encryption ever”.
