Here's how to crash WhatsApp using a lot of emojis
The exploit, which crashes the WhatsApp web and mobile app, was discovered by 18-year-old Indrajeet Bhuyan, who wrote about it on hacking website Hackatrick and demoed it in a YouTube video.
So how do you crash WhatsApp? Bhuyan explains:
"In WhatsApp Web, WhatsApp allows 6500-6600 characters. But after typing about 4200-4400 smiley browser starts to slow down.
"But since the limit is not yet reached so WhatsApp allows to go on inserting. So it crashes while we type and send and in mobile too when it [the mobile app] receives it overflows the buffer and it crashes."
Bhuyan claims to have tested his exploit with the following:
- PC Browser - Firefox, Chrome
- Android - Marshmallow, Lollipop, Kitkat
- Mobile - Moto E Gen 1 ( 1GB RAM ), Asus Zenfone 2 Laser ( 2GB RAM), Oneplus Two (4GB RAM)
"It works perfectly well in the above," he said. "I have tested in iPhone too but in iPhone it fails to crash."
While WhatsApp does not crash on the iPhone, it does freeze for a few seconds, according to Bhuyan.
"There are more than 1 billion Android users who use WhatsApp, which means this flaw could affect 1 billion+ users."
Last year WhatsApp was forced to address a different app-crashing security flaw brought to light by Bhuyan and his friend Sourav Kar.
"We showed how a 2000 word message in special character set can crash WhatsApp Messenger app," he wrote. "The main impact of the vulnerability was that the user who received the specially crafted message had to delete his/her whole conversation and start a fresh chat, because opening the message keeps on crashing WhatsApp unless the chat is deleted completely.
Comodo
In a separate security issue brought to light this week, WhatsApp users are being spammed with a new malware attack, according to security firm Comodo, which wrote about the malware in this blog post.
The malware is being sent to WhatsApp users through official-looking emails claiming to be from WhatsApp itself. The emails state that the user has a missed call, audio recording or notification and the malware infects the user's PC when the attachment is opened.
- I got a $40K raise using this 30-second strategy. It made me realize loud work, not hard work, always wins.
- Qatar Airways' new CEO explains why it's sticking with the Airbus A380 as other airlines retire the costly superjumbo
- Prince Harry and Meghan found out about Kate Middleton's cancer diagnosis on TV like everyone else, report says
- Kia India looks to expand sales, service network to 700 touchpoints by year-end
- Shapoorji Pallonji’s Afcons Infra files DRHP for ₹7,000 crore IPO
- Water crisis affects businesses across Bengaluru; Is there room for cautious optimism?
- BenQ Zowie EC2-CW review – Premium wireless mouse for gamers
- Banks' GNPAs set to improve further to 2.1 pc by FY25: Care Ratings