The teenagers were arrested for sharing pornographic images via the WhatsApp messaging service
Whatsapp logo. AFP / YASUYOSHI CHIBA

KEY POINTS

  • Check Point recently discovered a new WhatsApp vulnerability
  • The security firm revealed that the new WhatsApp flaw could trigger users to uninstall and reinstall the app
  • To make sure you can avoid this, update your device to the latest WhatsApp update

Facebook-owned messaging app WhatsApp has a rough 2019 in terms of security with stories of multiple vulnerabilities, nation-state hacking campaigns, as well as battle with governments and agencies on their insistence on an end to end encryption. But, even as the year draws to a close, there is a new security threat that compromises the integrity of the messaging platform. This time, the risk is from a specially made app killing messages that crash the platform extensively that users are taken offline and may have a hard time to recover.

There is a flaw in the older versions of WhatsApp that could subject the messaging platform in an endless crash loop forcing the user to delete and install the software once again, potentially losing all chat history in group chats. The researchers at Check Point, an Israeli security firm, discovered the flaw and revealed that an attacker needs to send a specially made malicious message from the Web desktop of WhatsApp to a group chat. The message could crash the app for all mobile users in the group chat.

If the user is affected and tries to restart WhatsApp, the mobile app would crash once again. The only known solution at the moment is to uninstall the app and install it again. But, the affected group chat must be permanently deleted. The latest WhatsApp flaw does not create privacy or security risk since it is a simple DoS attack, which means WhatsApp messages will not be compromised or exposed.

The discovered WhatsApp flaw was submitted by Check Point to the bug bounty program of the company in August. The fix was released to users in Sept. over the air. How will users be able to avoid this?

It is important that WhatsApp users must keep the app updated bu updating it to the most recent build available for the type of device. For iPhone users, the latest WhatsApp version is 2.19.58, while Android users must update their WhatsApp to 2.19.368.

WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally. Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid-September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all together.