Here's how to crash WhatsApp using a lot of emojis

Advertisement

Whatsapp cofounders

Whatsapp

WhatsApp was founded in 2009 by former Yahoo employees Brian Acton and Jan Koum.

WhatsApp, the Facebook-owned messaging platform used by billions, can be crashed when a user types thousands of emojis into a message, according to a teenage hacker who found the vulnerability.

Advertisement

The exploit, which crashes the WhatsApp web and mobile app, was discovered by 18-year-old Indrajeet Bhuyan, who wrote about it on hacking website Hackatrick and demoed it in a YouTube video.

So how do you crash WhatsApp? Bhuyan explains:

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

"In WhatsApp Web, WhatsApp allows 6500-6600 characters. But after typing about 4200-4400 smiley browser starts to slow down.

"But since the limit is not yet reached so WhatsApp allows to go on inserting. So it crashes while we type and send and in mobile too when it [the mobile app] receives it overflows the buffer and it crashes."

Advertisement

Bhuyan claims to have tested his exploit with the following:

  • PC Browser - Firefox, Chrome
  • Android - Marshmallow, Lollipop, Kitkat
  • Mobile - Moto E Gen 1 ( 1GB RAM ), Asus Zenfone 2 Laser ( 2GB RAM), Oneplus Two (4GB RAM)

"It works perfectly well in the above," he said. "I have tested in iPhone too but in iPhone it fails to crash."

While WhatsApp does not crash on the iPhone, it does freeze for a few seconds, according to Bhuyan.

"There are more than 1 billion Android users who use WhatsApp, which means this flaw could affect 1 billion+ users."

Advertisement

Last year WhatsApp was forced to address a different app-crashing security flaw brought to light by Bhuyan and his friend Sourav Kar.

"We showed how a 2000 word message in special character set can crash WhatsApp Messenger app," he wrote. "The main impact of the vulnerability was that the user who received the specially crafted message had to delete his/her whole conversation and start a fresh chat, because opening the message keeps on crashing WhatsApp unless the chat is deleted completely.

WhatsApp screen grab

Comodo

A screenshot of the fake email.

"The exploit risked more than 500 million users worldwide. We reported the flaw and it was fixed in the next update."

In a separate security issue brought to light this week, WhatsApp users are being spammed with a new malware attack, according to security firm Comodo, which wrote about the malware in this blog post.

The malware is being sent to WhatsApp users through official-looking emails claiming to be from WhatsApp itself. The emails state that the user has a missed call, audio recording or notification and the malware infects the user's PC when the attachment is opened.

Advertisement