Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
thnSwati KhandelwalTHN:1E578ABA5145F6BBC3171AF7790C65EC
HistoryDec 22, 2015 - 1:10 a.m.

How to Crash Your Friends' WhatsApp Just By Sending Crazy Smileys

2015-12-2201:10:00
Swati Khandelwal
thehackernews.com
11
JSON

whatapp-crash

What would require crashing the wildly popular WhatsApp messaging application?

Nearly 4000 Smileys.

Yes, you can crash your friends’ WhatsApp, both WhatsApp Web and mobile application, by sending them not any specially crafted messages, but just Smileys.

Indrajeet Bhuyan, an independent researcher, has reported The Hacker News a new bug in WhatsApp that could allow anyone to remotely crash most popular messaging app just by sending nearly 4000 emojis to the target user, thereby affecting up to 1 Billion users.

Bhuyan is the same researcher who reported a very popular WhatsApp crash bug last year that required 2000 words (2kb in size) message in the special character set to remotely crash Whatsapp messenger app.

After this discovery, the company patched the bug by setting up the limits of characters in WhatsApp text messages, but unfortunately, it failed to set up limits for smileys send via WhatsApp.

> _“In WhatsApp Web, Whatsapp allows 65500-6600 characters, but after typing about 4200-4400 smiley browser starts to slow down,” _Bhuyan wrote in his blog post. “But since the limit is not yet reached so WhatsApp allows to go on inserting…when it receives it overflows the buffer and it crashes.”

whatsapp

The recent bug tested on Android devices by multiple brands and successfully crashed:

  • WhatsApp for Android devices including Marshmallow, Lollipop and Kitkat
  • WhatsApp Web for Chrome, Opera and Firefox web browsers.
    It is sure that the latest version of WhatsApp is affected by this bug.

Video Demonstration

You can also watch the Proof-of-Concept (PoC) video that shows the attack in work.

How to Protect Yourself

Bhuyan told The Hacker News that he had reported the WhatsApp crash bug to Facebook. However, before the company patches the issue, there is a simple way out.

If you become a victim of such message on WhatsApp, just open your messenger and delete the whole conversation with the sender.

However, remember, if you have kept some records of your chat with that particular friend, you’ll end up losing them all.

At the beginning of this year, Bhuyan also reported two separate bugsWhatsApp Photo Privacy bug and**WhatsApp Web Photo Sync **Bug — in the WhatsApp web client that in some way exposes its users’ privacy.

JSON