Crisis averted: WhatsApp fixed a lethal security flaw

Imagine the app that is your communication lifeline unexpectedly and repeatedly dying.

The research arm of Check Point Security announced Tuesday that it found a WhatsApp vulnerability that could have caused frustrating and potentially disastrous functionality for users. The firm alerted WhatsApp to the problem in August, and it is now fixed.

Using group chat, Check Point was able to create an exploit that would repeatedly crash the app. WhatsApp wouldn't work again until the app was uninstalled, reinstalled, and the offending group chat was deleted. Here's a video demo of how it works.

To most users, the bug might sound like just a frustrating experience. But the researchers pointed out to Fast Company that for users like activists or dissidents, it could be especially harmful: The bug has the potential to interrupt communication, and would require deletion of chat logs, multimedia, and contacts in group chats. That scenario is a real possibility, considering WhatsApp is a favored communication tool, especially internationally, since it has end-to-end encryption.

WhatsApp recently made changes to group chats to make them more secure and less susceptible to being a channel for spreading false and dangerous information. Before April of this year, anyone could add you to a group chat. Now, if you enable the setting, anyone can "invite" you to join a chat — but you have to accept or deny the invitation. Still, if you don't have your privacy specifically set to disallow group adding, anyone can simply add you to a group; groups can contain up to 256 people.

WhatsApp has been the target of vulnerability exploits before. This spring, attackers started manipulating WhatsApp to totally take control over users' phones using Pegasus spyware. And in 2018, Check Point discovered that it could manipulate the sender names and text of forwarded messages, which enabled the spread of fake news.

Facebook-owned WhatsApp has been taking action itself to combat fake news on WhatsApp by restricting the forwarding functionality. Despite fixes meant to make WhatsApp a tool for non-malicious communication, the work of these researchers show that the "secure" messaging platform is far from airtight.