The Hacker News — Cyber Security, Hacking, Technology News

What would require crashing the wildly popular WhatsApp messaging application?

Nearly 4000 Smileys.

Yes, you can crash your friends' WhatsApp, both WhatsApp Web and mobile application, by sending them not any specially crafted messages, but just Smileys.

Indrajeet Bhuyan, an independent researcher, has reported The Hacker News a new bug in WhatsApp that could allow anyone to remotely crash most popular messaging app just by sending nearly 4000 emojis to the target user, thereby affecting up to 1 Billion users.

Bhuyan is the same researcher who reported a very popular WhatsApp crash bug last year that required 2000 words (2kb in size) message in the special character set to remotely crash Whatsapp messenger app.

After this discovery, the company patched the bug by setting up the limits of characters in WhatsApp text messages, but unfortunately, it failed to set up limits for smileys send via WhatsApp.

"In WhatsApp Web, Whatsapp allows 65500-6600 characters, but after typing about 4200-4400 smiley browser starts to slow down," Bhuyan wrote in his blog post. "But since the limit is not yet reached so WhatsApp allows to go on inserting...when it receives it overflows the buffer and it crashes."

The recent bug tested on Android devices by multiple brands and successfully crashed:

• WhatsApp for Android devices including Marshmallow, Lollipop and Kitkat
• WhatsApp Web for Chrome, Opera and Firefox web browsers. 

It is sure that the latest version of WhatsApp is affected by this bug.

You can also watch the Proof-of-Concept (PoC) video that shows the attack in work.

How to Protect Yourself 

Bhuyan told The Hacker News that he had reported the WhatsApp crash bug to Facebook. However, before the company patches the issue, there is a simple way out.

If you become a victim of such message on WhatsApp, just open your messenger and delete the whole conversation with the sender.

However, remember, if you have kept some records of your chat with that particular friend, you’ll end up losing them all.

At the beginning of this year, Bhuyan also reported two separate bugs — WhatsApp Photo Privacy bug and WhatsApp Web Photo Sync Bug — in the WhatsApp web client that in some way exposes its users’ privacy.

Poor Android users are facing a terrible, horrible, and awful week.

Few days ago, Trend Micro security researchers uncovered a Android crashing vulnerability in the widely used mobile operating system, impacting the majority of Android devices in use.

The report follows another significant Stagefright vulnerability that was revealed by separate researchers, who warned that nearly 950 Million Android phones can be hijacked by sending a simple text message or via malicious Android app or specially crafted web pages.

Now, the security researchers have discovered a dangerous security bug in the Android operating system that they claim can "brick" your phone, making it unresponsive and completely useless.

The new vulnerability, CVE-2015-3823, can be exploited by potential hackers to cause your Android device to endless Reboot, and is similar to the Stagefright bug in that the flaw exists in the ‘mediaserver’ built-in program.

The vulnerability affects even more Android users. Nearly 90 percent of Android devices running versions 4.0.1 Jelly Bean to 5.1.1 Lollipop are vulnerable to the latest security flaw, affecting every 9 out of 10 Active Android devices.

A Hacker can trigger endless reboots in two ways:

In either case, the attacker lure victims to play malformed media file (.MKV file) using the buggy ‘mediaserver’ plugin. This will cause the mediaserver function to fall into an endless loop beyond the user’s control, forcing the Android device to get slow down until it reboots… again and again.

The firm reported the issue to Google, but the company is not taking it seriously, classifying it as a low-level vulnerability.

Until the official patch is delivered by Google, you can do a simple quirk if this bug hit your devices. All you need to do is reboot your devices in Safe Mode by holding the power button down and pressing Power Off option until you see the pop-up box asking you to restart in Safe Mode.

Safe Mode will disable all third-party apps and information, allowing you to continue using your Android devices until a patch is released.