Two 17-year-old mobile security researchers from India (Indrajeet Bhuyan and Saurav Kar) have uncovered a vulnerability in the popular WhatsApp application. The vulnerability allows a user to remotely crash another user's app. How is this done? By sending the recipient a 2000-word message with special characters: when they open that message, the app will continually crash. The user will have to delete the whole thread in order to gain control of that conversation again. The duo demonstrated the vulnerability on video.
“What makes it more serious is that one needs to delete entire chat with the person they are chatting to in order to get back WhatsApp work in normal,” Bhuyan told THN in an e-mail.
The vulnerability has been confirmed to work on most versions of Android, including Jelly Bean and KitKat. iOS was not tested, but it is confirmed that the attack will not work on Windows 8.1. The attack is also said to affect group messages: one person in the group could launch the attack and basically kill the entire conversation, forcing everyone to restart it. We have not seen any comment from WhatsApp on this situation, but we’re reaching out for comment and will update this post accordingly.