Wednesday, December 23, 2015

Now Crash Anyone's WhatsApp Just By Sending Smileys

According to a security researcher Indrajeet Bhuyan, there is a simple way to crash the popular instant messaging app WhatsApp by just sending an insane amount of smileys. This serious WhatsApp flaw can crash the mobile app as well as the WhatsApp Web.
In his discovery, Bhuyan found that by sending about 4,000 smileys to a target, the WhatApp app starts to slow down and crashes due to “buffer overflow”. This flaw targets both the desktop and mobile apps.

How WhatsApp smiley bug works?

“In WhatsApp Web, Whatsapp allows 65500-6600 characters, but after typing about 4200-4400 smiley browser starts to slow down,”But since the limit is not yet reached so WhatsApp allows to go on inserting…when it receives it overflows the buffer and it crashes.”
“….so it crashes while we type and send and in mobile too when it receives it overflows the buffer and it crashes,” Bhuyan explains.
This WhatsApp smiley bug affects Firefox, Opera, and Chrome PC browsers, along with iPhone and multiple versions of Android OS.

Video demonstration of WhatsApp smiley bug:

Here’s the video demonstration of the bug showing how the attack crashes WhatsApp:


Here’s how to protect yourself from WhatsApp smiley flaw?

Bhuyan has reported the smiley bug to WhatsApp. “This can also be used to do a Denial of service in the browser and it freezes the browser and gives a ‘not responding’ error,” he adds.
Till the issue is fixed, here’s a simple way to save yourself from the attack.
Once you receive this full-of-tons-of-smiley message from someone, you’ll have to open the messenger and delete the entire chat with the attacker.
Bhuyan is the same researcher who reported a very popular WhatsApp crash bug last year that required 2000 words (2kb in size) message in the special character set to remotely crash Whatsapp messenger app.

No comments:

Post a Comment