On Friday, a major vulnerability affecting the WhatsApp application on Android devices began making rounds on the dark web; whilst initially labelled as a rumour, our Intelligence team has now confirmed its existence.
This vulnerability causes WhatsApp chats to crash when a specific text is entered. While WhatsApp has not officially reported the issue yet, our intel team has observed its circulation on various hacker forums.
The recent discovery in November 2022 of a database containing 487 million WhatsApp user mobile numbers on a prominent hacking community forum makes this vulnerability even more concerning. This leak could leave a potential door open for hackers to use this data to send mass messages, or amplify the severity of this vulnerability, potentially leading to a widespread collapse of the WhatsApp application.
If you encounter a crash due to this issue, here’s how you can resolve the problem:
- Access your WhatsApp account on a desktop using WhatsApp Web.
- Locate and open the chat where the problematic message, "wa.me/settings," was sent.
- Select the message and choose the option to delete it for everyone.
- Note: Ensure that your mobile app is updated to the latest version, as older versions may encounter issues since the message deletion occurs across all devices once removed using WhatsApp Web.
- Finally, check the chat that previously experienced a crash to ensure it is now functioning properly.
It is crucial to understand that until this vulnerability is rectified by Meta, the parent company of WhatsApp, hackers can exploit it to distribute mass spam messages. Exercise extreme caution when receiving WhatsApp messages, especially from unknown senders.
At DynaRisk, our all-in-one risk management software solutions help individuals and businesses protect themselves from cyber threats.
Using passive scans and ongoing alerts, our systems notifies you of cyber vulnerabilities that could leave you exposed.
Discover how our risk management software protects you or your business against cyber threats.
Alternatively, explore our risk monitoring software designed to shield your clients and prospects from cyber threats and learn more.