WhatsApp seems to be full of vulnerabilities these days. At first, it tried to steal your banking information through a malware in WhatsApp’s update, now it seems that you can crash specific users’ apps by sending them a whole bunch of emojis.
5,000 emojis to be precise.
Researcher Indrajeet Bhuyan reveals that people can cause Android versions of the WhatsApp application to crash by sending them at least 5,000 emojis from the web version of WhatsApp. When a user receives the application and tries to open it, the whole app would crash.
The only way to recover from that is to delete the entire conversation. Through our experimentation, it does indeed work. When we tried to open the “malicious” message, sure enough, our application crashed and we had to close and restart it before we could access the app again.
However, the other conversations were unaffected by the malicious thread, so as long as you leave that conversation alone it won’t crash the application. This also works for group chats. The only way to access that conversation again is to delete the entire thread and start a new conversation with that contact.
That said, if you have 4GB of RAM like we did on our Oppo R7s, you can have varying degrees of success in opening the thread again though you would have to wait awhile. This vulnerability does not extend to the iOS version of WhatsApp as the emojis only cause the app to lag, unlike a previous iOS vulnerability that relied on a specific message.
Although WhatsApp does have a character limit of 6,000 — to prevent messages that the application cannot handle — it seems that this still far too many as a mere 5,000 emojis will kill the app.
When talking about the potential exploits of having such a vulnerability, Bhuyan says that an attacker could be sending abusive messages to their victim, blackmailing or threatening them, then send them 5,000 emojis to crash that thread and make it so that the victim can’t access the thread for evidence again.
Let’s hope WhatsApp (or Facebook) pushes out a fix for this soon before people with bad intentions catch on and start abusing this.
Planning to travel to Japan soon? With the emergence of cross-border eWallet payments, we recently…
Chery Malaysia has just issued a new statement following JPJ's recall notice for the Omoda…
After being out of commission for several months, the ChargEV chargers at Aeon Mall Shah…
The Kia EV9 has officially landed in Malaysia with a lower-than-expected price tag. Bookings for…
Digital Minister Gobind Singh shared today that the newly reconstituted board of Digital Nasional Berhad…
Samsung gave us a tour of its first flagship smart home showroom in Thailand, located…
This website uses cookies.