WhatsApp is the world's largest cross-platform messaging application used by more than 1.5 billion users. The app's massive outreach makes it an ideal target for hackers to target WhatsApp, which has resulted in several instances of security breaches in the platform, including Pegasus. As WhatsApp's defences get advanced, bad actors try to find new ways to exploit loopholes.
Besides WhatsApp's security team working to keep the platform secure, the company relies on the community for inputs via bug bounty program. It paid off greatly when a noted cybersecurity firm, CheckPoint Research discovered a bug and helped WhatsApp fix it in due time.
WhatsApp vulnerability
According to CheckPoint researchers, WhatsApp could have been attacked by any bad actor due to an unpatched bug in the platform, which could result in crashing the application and deleting chat history. The vulnerability only appeared to affect WhatsApp groups and the users in it.
The researchers noted that an attacker could send a message to WhatsApp groups via WhatsApp Web by editing certain parameters using the web's debugging tool. This would then put the app in a crash loop for all the users part of that group.
When affected, users won't be able to launch the app to delete the message or even the group. "The impact of this vulnerability is potentially tremendous, since WhatsApp is the main communication service for many people. Thus, the bug compromises the availability of the app which is a crucial for our daily activities," the researchers noted.
In addition to that, all chat history pertaining to that group will be deleted and users won't be able to return to the group.
What should users do?
If you are not a part of any WhatsApp group, which is highly unlikely, this shouldn't concern you. However, if you are, which is highly likely, users must drop everything else and update the app right away. In order to stop the crash loop, users will have to uninstall WhatsApp and reinstall it again.
Luckily, WhatsApp has fixed the issue after it was notified of the vulnerability by CheckPoint in August. If you haven't updated the app since September or have automatic updates turned off, it is best to head to Play Store and App Store to update WhatsApp.
"WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally. Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid-September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all-together," WhatsApp Software Engineer Ehren Kret was quoted as saying by Tech2.