Israeli cyber experts discover vulnerability threatening WhatsApp groups

December 18, 2019 by Arye Green -TPS
Read on for article

The Israeli cyber-security company Check Point Software Technologies announced on Tuesday that it had revealed a security flaw enabling hackers to insert messages and crash group chats on the popular messaging app WhatsApp Messenger.

Software company Check Point office in Tel Aviv. Nov 27, 2017. Photo by Kobi Richter/TPS

The vulnerability allows hackers to permanently crash the app for all chat members, forcing them to delete and reinstall the app, losing the app’s data in the process.

To take advantage of the flaw, a hacker could use the web browser’s debugging tool to edit certain message parameters and send the text to a group on WhatsApp Web, causing the app to crash repeatedly for all group members until reinstalled.

After discovering the critical flaw in August, Check Point disclosed its findings to WhatsApp, which has developed an update to resolve the problem.

Ehren Kret, a software engineer at WhatsApp, said the company added controls to prevent people from being added to group chats without their consent, thus preventing hackers’ access to group chats which are shared with their target.

Check Point’s Head of Product Vulnerability Research Oded Vanunu said that WhatsApp’s global popularity makes the ability to prevent its use and delete data a valuable asset for hackers.

“Because WhatsApp is one of the world’s leading communication channels for consumers, businesses and government agencies, the ability to stop people using WhatsApp and delete valuable information from group chats is a powerful weapon for bad actors,” he explained.

“All WhatsApp users should update to the latest version of the app to protect themselves against this possible attack,” he added.

WhatsApp is considered the biggest messaging app in the world, with 1.5 billion users and over one billion groups. More than 65 billion messages are sent daily on the messaging platform.

Speak Your Mind

Comments received without a full name will not be considered
Email addresses are NEVER published! All comments are moderated. J-Wire will publish considered comments by people who provide a real name and email address. Comments that are abusive, rude, defamatory or which contain offensive language will not be published

Got something to say about this?

This site uses Akismet to reduce spam. Learn how your comment data is processed.