Crisis averted: WhatsApp fixed a lethal security flaw

It was hiding in plain sight.
By Rachel Kraus

Imagine the app that is your communication lifeline unexpectedly and repeatedly dying.

The research arm of Check Point Security announced Tuesday that it found a WhatsApp vulnerability that could have caused frustrating and potentially disastrous disruptions for users. The firm alerted WhatsApp to the problem in August, and it is now fixed.

Using group chat, Check Point was able to create an exploit that would repeatedly crash the app. WhatsApp wouldn't work again until the app was uninstalled, reinstalled, and the offending group chat was deleted. Here's a video demo of how it works.

To most users, the bug might sound like just a frustrating experience. But the researchers pointed out to Fast Company that for users like activists or dissidents, it could be especially harmful: The bug has the potential to interrupt communication, and would require deletion of chat logs, multimedia, and contacts in group chats. That scenario is a real possibility, considering WhatsApp is a favored communication tool, especially internationally, since it has end-to-end encryption.

WhatsApp recently made changes to group chats to make them more secure and less susceptible to being a channel for spreading false and dangerous information. Before April of this year, anyone could add you to a group chat. Now, if you enable the setting, anyone can "invite" you to join a chat — but you have to accept or deny the invitation. Still, if you don't have your privacy specifically set to disallow group adding, anyone can simply add you to a group; groups can contain up to 256 people.

WhatsApp has been the target of vulnerability exploits before. This spring, attackers started manipulating WhatsApp to totally take control over users' phones using Pegasus spyware. And in 2018, Check Point discovered that it could manipulate the sender names and text of forwarded messages, which enabled the spread of fake news.

Facebook-owned WhatsApp has been taking action itself to combat fake news on WhatsApp by restricting the forwarding functionality. Despite fixes meant to make WhatsApp a tool for non-malicious communication, the work of these researchers shows that the "secure" messaging platform is far from airtight.

Rachel Kraus is a Mashable Tech Reporter specializing in health and wellness. She is an LA native, NYU j-school graduate, and writes cultural commentary across the internetz.

