What would require crashing the wildly popular WhatsApp messaging application?
Nearly 4000 Smileys.
Yes, you can crash your friends’ WhatsApp, both WhatsApp Web and mobile application, by sending them not any specially crafted messages, but just Smileys.
Indrajeet Bhuyan, an independent researcher, has reported The Hacker News a new bug in WhatsApp that could allow anyone to remotely crash most popular messaging app just by sending nearly 4000 emojis to the target user, thereby affecting up to 1 Billion users.
Bhuyan is the same researcher who reported a very popular WhatsApp crash bug last year that required 2000 words (2kb in size) message in the special character set to remotely crash Whatsapp messenger app.
After this discovery, the company patched the bug by setting up the limits of characters in WhatsApp text messages, but unfortunately, it failed to set up limits for smileys send via WhatsApp.
“In WhatsApp Web, Whatsapp allows 65500-6600 characters, but after typing about 4200-4400 smiley browser starts to slow down,” Bhuyan wrote in his blog post. “But since the limit is not yet reached so WhatsApp allows to go on inserting…when it receives it overflows the buffer and it crashes.”
The recent bug tested on Android devices by multiple brands and successfully crashed:
- WhatsApp for Android devices including Marshmallow, Lollipop and Kitkat
- WhatsApp Web for Chrome, Opera and Firefox web browsers.
It is sure that the latest version of WhatsApp is affected by this bug.
You can also watch the Proof-of-Concept (PoC) video that shows the attack in work.
How to Protect Yourself
Bhuyan told The Hacker News that he had reported the WhatsApp crash bug to Facebook. However, before the company patches the issue, there is a simple way out.
If you become a victim of such message on WhatsApp, just open your messenger and delete the whole conversation with the sender.
However, remember, if you have kept some records of your chat with that particular friend, you’ll end up losing them all.
At the beginning of this year, Bhuyan also reported two separate bugs
— WhatsApp Photo Privacy
bug and WhatsApp Web Photo Sync
Bug — in the WhatsApp web client that in some way exposes its users’ privacy.