WhatsApp Bug Can Wipe Out Group Chats, Warns Check Point

Researchers at security specialist Check Point Software Technologies have uncovered a bug in WhatsApp that is so serious it can permanently wipe out a group chat.

According to Check Point, the vulnerability is related to “a manipulation of the WhatsApp protocol using a tool built by Check Point Research in order to validate WhatsApp security without jeopardizing WhatsApp end to end encryption.”

It seems this tool “allows a user to modify WhatsApp messages before being sent and change the general parameters, such as participant’s phone number.”

Group chats

According to Check Point, the bug was discovered in August 2019 and responsibly reported to WhatsApp. The good news is that its developers fixed the bug in the update for version 2.19.246 and onwards.

It seems that Check Point, in order to discover any vulnerabilities in WhatsApp, “set up the WhatsApp Manipulation Tool and started testing new ways to manipulate WhatsApp protocol.”

During its testing, it found a technique “where one can crash WhatsApp on multiple phones in a shared group.”

Check Point found that it could “start decrypting and modifying messages in a conversation where we participate.”

The bug itself reportedly resides in XMPP (Extensible Messaging and Presence Protocol), a communication protocol for instant messaging.

Its WhatsApp tool was able to edit the participant parameter, which identifies who sent the message.

“In order to exploit this bug we would need to replace the participant’s parameter from the sender phone number to any non-digit character(s) e.g. ‘c@s.whatsapp.net’,” said the Check Point researchers. “By sending this message WhatsApp application will crash in every phone that is a member of this group.”

“The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop,” they warned. “Moreover, the user will not be able to return to the group and all the data that was written and shared in the group is now gone for good. The group cannot be restored after the crash has happened and will have to be deleted in order to stop the crash.”

“In WhatsApp there are many important groups with valuable content,” Check Point said. “If an attacker uses this technique and crashes one of these groups all chat history will be gone and further communication would be impossible.”

“The impact of this vulnerability is potentially tremendous, since WhatsApp is the main communication service for many people,” they said. “Thus, the bug compromises the availability of the app which is crucial for our daily activities.”

The only way to recover from the issue is to uninstall WhatsApp, install it again, and remove the group which contains the malicious payload.
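The failure described above comes down to a sender field being trusted to hold a phone number. The following added example (not WhatsApp's or Check Point's code) models a fragile parser beside a checked one, and a hypothetical `GroupHistory` store that validates before saving; the JID length bounds, class and function names are assumptions.

```python
import re

# Assumed shape of a participant JID: ASCII digits, then the server name that
# appears in the page's example ('c@s.whatsapp.net'). Length bounds are assumed.
PARTICIPANT_JID = re.compile(r"[0-9]{5,20}@s\.whatsapp\.net")


def naive_sender(msg):
    """Fragile pattern: assumes the user part is always a number."""
    return int(msg["participant"].split("@", 1)[0])  # ValueError on 'c@...'


def checked_sender(msg):
    """Return the digits of a well-formed participant JID, else None."""
    jid = msg.get("participant")
    if isinstance(jid, str) and PARTICIPANT_JID.fullmatch(jid):
        return jid.split("@", 1)[0]
    return None


class GroupHistory:
    """Hypothetical message store for one group."""

    def __init__(self):
        self.stored = []       # what would be re-read at every app start
        self.quarantined = []  # kept for diagnostics, never parsed again

    def receive(self, msg):
        # Validate before storing: a message stored first and parsed later
        # would fail again on every reload of the history.
        if checked_sender(msg) is None:
            self.quarantined.append(msg)
            return False
        self.stored.append(msg)
        return True

    def reload(self):
        # Models an app restart: every stored message is parsed again.
        return [naive_sender(m) for m in self.stored]


# Constructed sample messages (not captured traffic).
SAMPLES = [
    {"participant": "15550100123@s.whatsapp.net", "body": "hello"},
    {"participant": "c@s.whatsapp.net", "body": "malformed sender"},
    {"participant": None, "body": "missing sender"},
]


def run_demo():
    history = GroupHistory()
    accepted = [history.receive(m) for m in SAMPLES]
    return accepted, history.reload(), len(history.quarantined)
```

Because the malformed message never reaches `stored`, `reload()` succeeds on restart even though it still uses the fragile parser.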

Check Point produced the following proof of concept video, found here.

App security

As WhatsApp is now a hugely popular messaging app, the importance of its security remains a serious issue for many people.

This was evidenced in October, when WhatsApp sued Israel-based NSO Group, and alleged it was behind the cyberattack earlier this year that infected devices with advanced surveillance tools.

In May 2019, WhatsApp urged all of its 1.5 billion users to update their software to fix a vulnerability that it said was being actively exploited to implant advanced surveillance tools on users’ devices.

The Facebook-owned company discovered the vulnerability earlier in May and released a fix. The Financial Times reported in May that the bug was used to implant spyware developed by NSO, citing an unnamed surveillance software maker as its source.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
