WhatsApp Fixes Yet Another Group Chat Security Gap
The flaw would have given attackers an avenue for crashing the app—every time a user opened an infected group thread.
One of the most popular features of Facebook-owned WhatsApp is group messaging, which turns the app’s end-to-end encrypted chats into social groups that can include up to 256 participants. But recent stumbles in group chat security—including a bug that could have let a hacker crash the app entirely—have shown that WhatsApp may need to keep a closer eye on these communal hubs.
That specific vulnerability, disclosed by security firm Check Point in August and patched in September, would have let a hacker cause group chat chaos with a specially crafted message. To stop their app from failing every time they opened the infected thread, recipients would have to uninstall WhatsApp altogether, reinstall it, and delete the compromised group chat from their accounts. Victims who didn’t back up their WhatsApp data would lose everything in the uninstall process, and even those with backups would give up the contents of the affected chat, since it has to be removed without reopening it to stop the crash cycle.