WhatsApp, the world’s most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned.
Just by sending a maliciously crafted message to a targeted group, an attacker can trigger a fully-destructive WhatsApp crash-loop, forcing all group members to completely uninstall the app, reinstall it, and remove the group to regain normal function.
Since the group members can’t selectively delete the malicious message without opening the group window and re-triggering the crash-loop, they have to lose the entire group chat history, indefinitely, to get rid of it.
Discovered by researchers at Israeli cybersecurity firm Check Point, the latest bug resided in the WhatsApp’s implementation of XMPP communication protocol that crashes the app when a member with invalid phone number drops a message in the group.
“When we attempt to send a message where the parameter ‘participant’ receives a value of ‘null,’ a ‘Null Pointer Exception’ is thrown,” the researchers explain in a report shared with The Hacker News prior to its…
http://feedproxy.google.com/~r/TheHackersNews/~3/7GbV3JlKhRE/whatsapp-group-crash.html