
Bug Sent WhatsApp Into Crash Loop, Caused Chat History Loss

Security researchers found a bug in WhatsApp that could be used to crash the messaging app in a loop on the phone of every member of a group.

The effect could be obtained by modifying a participant's phone number and sending out a message. As a result, members would no longer be able to access the group or conversation history.

Getting the keys

The issue, fixed with the release of WhatsApp 2.19.246, was in the XMPP (Extensible Messaging and Presence Protocol) responsible for instant messaging.

Using a tool of their own creation called WhatsApp Manipulation Tool, vulnerability researchers at Check Point were able to modify the parameters the app needs to deliver messages in a coherent way and obtain the denial-of-service result.

It is important to note that this research builds on previous efforts to break WhatsApp's secure message delivery. That endeavor resulted in the ability to intercept and manipulate messages sent privately or to groups.

Check Point's technique involves the participation of a group member and obtaining the encryption keys that are generated during the login process.

Using the Burp Suite web vulnerability scanner, they intercepted the WhatsApp traffic containing the "secret" parameter holding the data necessary to modify the details leading to the continuous crash.

Illegal characters

With the encryption and decryption keys, and the "secret" parameter in hand, the researchers could send the messages in clear text to the manipulation tool.

In a report released today, Check Point explains that a crash is registered whenever a message is delivered whose "participant" parameter has a "null" value.

This can happen when the parser for the participant's phone number mishandles the input, such as in the case of a non-digit string.

"In a typical scenario, when a user in a WhatsApp group sends a message to the group, the application will examine the parameter participant to identify who sent the message. While using our tool we were able to access this parameter and edit it" - Check Point

Thus, reaching the crash objective became pretty simple: replace the sender's phone number with any non-digit characters.

At this point, any message from the attacking participant would result in WhatsApp crashing in a loop. The effect would replicate each time the messaging app attempts to read the sender's details.

Stopping the crash effect is possible only by reinstalling the app and deleting the group. As a consequence, all the conversation history attached to it is lost.
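
The failure mode described above, as a simplified Python model added here (not WhatsApp's or Check Point's code): a parser that yields a null sender for non-digit input, a renderer that uses the result unchecked, and a hardened path that quarantines the message so the rest of the stored history stays readable. The digits-only format, the field names and the sample history are assumptions made for the illustration.

```python
import re
from typing import Optional

# Assumption: a participant is a digits-only phone number string.
PHONE_RE = re.compile(r"[0-9]{5,15}")

# Constructed sample history; the second sender is not a phone number.
HISTORY = [
    {"participant": "15550100001", "body": "hello"},
    {"participant": "not-a-number", "body": "malformed sender"},
    {"participant": "15550100002", "body": "still readable"},
]

def parse_participant(raw: Optional[str]) -> Optional[str]:
    """Return the number, or None when the input is not all digits."""
    return raw if raw is not None and PHONE_RE.fullmatch(raw) else None

def render_unsafe(msg: dict) -> str:
    # Bug pattern: the None result is used as if it were always a string.
    return "+" + parse_participant(msg.get("participant")) + ": " + msg["body"]

def render_safe(msg: dict) -> Optional[str]:
    # Hardened: an unparseable sender rejects the message instead of raising.
    sender = parse_participant(msg.get("participant"))
    return None if sender is None else "+" + sender + ": " + msg["body"]

def open_group(stored: list, render) -> tuple:
    """Replay stored history, as a client does on each launch.
    Returns (rendered lines, quarantined messages)."""
    shown, quarantined = [], []
    for msg in stored:
        line = render(msg)
        if line is None:
            quarantined.append(msg)  # kept for diagnostics, never rendered
        else:
            shown.append(line)
    return shown, quarantined

def crashes_every_launch(stored: list, launches: int = 3) -> bool:
    """True if replaying the stored history fails on every simulated launch."""
    failures = 0
    for _ in range(launches):
        try:
            open_group(stored, render_unsafe)
        except TypeError:  # raised by "+" + None
            failures += 1
    return failures == launches
```

Because the malformed message is already in stored history, the unchecked renderer fails on every replay, which is why the crash repeats on each launch; the validated path drops that one message and keeps the others.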

WhatsApp is used not only casually for friendly chatting. Some users rely on it as the main communication service for work-related matters.

The researchers argue that the outcome of exploiting such a bug is drastic for groups that share valuable information.

Check Point has published a video showing how an attacker could have destroyed group chats:

https://youtu.be/u-sGONBNrwg

Discovered in August, the bug was disclosed responsibly to WhatsApp and fixed in app versions starting with 2.19.246.
