The popular messaging app WhatsApp has a major bug that could allow someone to crash other people's WhatsApp clients. Until a patch is deployed, the only way to stop the app crashing is to delete the entire conversation.
The bug was found by an independent researcher named Indrajeet Bhuyan. In his latest discovery, he found that sending 4,000 smileys to a target causes the app to "overflow the buffer" and crash. It is similar to a bug Bhuyan detected last year, in which WhatsApp would crash upon receiving a 2,000-word message written using a special character set.
WhatsApp fixed the bug from last year by limiting the number of characters allowed in messages. Unfortunately, the developers behind the messaging app forgot to set up similar limits for smileys - a mistake that Indrajeet Bhuyan was able to exploit.
The latest version of 'WhatsApp for Android' was tested on devices running Marshmallow, Lollipop and KitKat - and all are open to attack. In addition, 'WhatsApp for Web' is also vulnerable when used in Chrome, Opera and Firefox. It is unclear whether the WhatsApp clients for Windows Phone and iOS are vulnerable to this attack.
Source: Hackatrick via Hacker News