All WhatsApp users should update their messaging app to the latest available version that squishes a serious bug which could wipe out all of their group chats in one fell swoop.
According to The Register, security researchers from Check Point have discovered and publicized a nasty vulnerability in older versions of the instant messaging app which could be leveraged to wipe out all the user’s group chats with a single maliciously formed message.
According to Check Point, the vulnerability could enable a malicious user to deliver a destructive group chat message that produces “a swift and complete crash of the entire application for all members of the group chat.” Check Point notes that the crash forces people to uninstall and reinstall WhatsApp, but even doing that would prohibit them from returning to the group chat, thereby resulting in total loss of all group chat history, indefinitely.
“The group chat would then not be able to be restored after the crash occurs and would need to be deleted in order to stop the crash-loop,” the firm added. To carry out an attack, a bad actor would gain entry to the target group and then edit “specific message parameters” using their web browser’s debug tool in order to trigger the unstoppable crash loop.
Here’s a video illustrating the bug.
Older versions of WhatsApp for iOS and Android are both affected.
The vulnerability was discovered in August 2019 and reported to WhatsApp. The Facebook-owned company has since squished the bug in the update for version 2.19.246 and onwards. As a quick reminder, WhatsApp includes a privacy setting allowing you to control who can add you to groups in the Account → Privacy → Groups section of the in-app settings.
Specifically, group admins can send a private invite instead.