Very large messages sent through Facebook's chat client can make applications and devices crash in a form of denial-of-service attack, a security researcher has discovered.
"It has been possible to disconnect three different testing users (three out of three) by sending big enough messages, one of them reported that his tablet restarted after the reception," Buenos Aires, Argentina-based security researcher Chris Russo wrote on the Full Disclosure mailing list.
"The chat module, which at this moment I can't use since it looks like I have been blocked," Russo wrote, "doesn't have any kind of limit in the amount of characters that can be sent."
The exact message that caused the denial-of-service attack hasn't been made public, but Russo did post the code he used with the message deleted.
In comments attached to his posting, Russo wouldn't confirm how big his messages were. He said he kept increasing the sizes by 1,000 characters each time until the exploit worked.