WhatsApp, once again, marginally escaped a serious security threat. As revealed, a WhatsApp vulnerability allowed an attacker to crash the app across multiple devices and permanently delete group chats.
WhatsApp Vulnerability Deleting Group Chats
Researchers from Check Point Research have once again highlighted a serious vulnerability in WhatsApp.
The present revelation is an extension of Check Point’s previous findings and the development of the WhatsApp Protocol Decryption Burp Tool. In August, the researchers elaborated on how exploiting a bug could allow a potential attacker to manipulate WhatsApp chats. They also developed the WhatsApp Decryption Tool as a PoC.
Now, they demonstrated how an attacker could crash the WhatsApp app on multiple phones at a time. As elaborated in their blog post, exploiting the bug required a few careful steps from the attacker, including gaining access to the WhatsApp encryption keys, the app’s secret parameters, and establishing a connection with Python server. All these steps could be achieved by using their decryption tool.
Then, after gaining access to the required details, an attacker could simply replace a group participant’s phone number to any ‘non-digit’ value, as seen in the following image.
Consequently, sending a message to the target group would result in an app crash across the devices of all participants. Moreover, it would also delete the entire chat permanently after a ‘crash loop’. In turn, the victims would have no other option to stop the issue except reinstalling WhatsApp.
The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop. Moreover, the user will not be able to return to the group and all the data that was written and shared in the group is now gone for good. The group cannot be restored after the crash has happened and will have to be deleted in order to stop the crash.
The following video demonstrates the PoC of the attack.
WhatsApp Patched The Bug
After finding this vulnerability in August 2019, Check Point reported it to WhatsApp owners, Facebook. Then, together with the researchers, WhatsApp developers created a fix to address this flaw.
Check Point has confirmed that WhatsApp released the patch with WhatsApp update version 2.19.246 and later.
Users must ensure that their respective devices are running the patched versions of the Facebook-owned WhatsApp to stay safe.
Let us know your thoughts in the comments.