A newly-discovered vulnerability in WhatsApp could allow malicious users to crash the app for all members of a group chat, and delete the chat history.
Cyber intelligence company Check Point developed a tool that could create messages capable of breaking WhatsApp for all members of the group, forcing them to reinstall the app from scratch.
- WhatsApp dark mode: everything you need to know
- How to enable dark mode for Google Chrome
- How to enable dark mode for Facebook
Even once the app is reinstalled, affected users are unable to return to the group chat, or read past messages send within it. The group will have to be removed, or the app will crash again.
"In WhatsApp there are many important groups with valuable content. If an attacker uses this technique and crashes one of these groups all chat history will be gone and further communication would be impossible," wrote Check Point's researchers Dikla Barda, Roman Zaikin and Yaara Shriki.
"The impact of this vulnerability is potentially tremendous, since WhatsApp is the main communication service for many people. Thus, the bug compromises the availability of the app which is a crucial for our daily activities."
How to protect yourself
It wasn't possible to exploit the bug without specially developed software, so the risk of it being used in the wild was always low. Check Point reported the vulnerability to WhatsApp, which has issued a fix. Make sure your app is updated to the latest version to ensure you're protected.
It's also worth taking a look at the newly introduced privacy options that let you prevent strangers adding you to groups.
Head to 'Settings > Account > Privacy > Groups' to see the available settings. If you select 'Everyone', anyone will be able to add you to a group chat. If you select 'My contacts' only people in your address book will be able to add you. The final option is 'My contacts except', which lets you prevent certain contacts from adding you.
