Researchers at Check Point discovered a vulnerability in the WhatsApp messenger that allowed an attacker to crash the application for every participant in a chosen group chat simply by sending a malicious message to the group. Victims had to uninstall and reinstall the messenger, but even this did not make it possible to return to the chat. In the end, the chat itself has to be deleted, which leads to the loss of all its messages.
The bug was discovered in August 2019, and the developers fixed it in version 2.19.246 and later.
The researchers explain that the root of the bug lay in the implementation of the Extensible Messaging and Presence Protocol (XMPP). To carry out the attack, they used WhatsApp Web and Chrome DevTools. Normally, when a WhatsApp user sends a message to a group chat, the application checks the sender's phone number, which makes it possible to determine who sent the message. The Check Point experts found that this and other parameters could be manipulated.
Ultimately, the specialists found that replacing the sender's phone number with any non-digit character(s) triggers an error for all participants in the chat. Upon receiving such a message, WhatsApp crashes on each phone in the group. A PoC video can be seen below.
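
The receive-side check that the bug description implies, as an added example (not WhatsApp's code and not from Check Point's write-up): the sender field is validated before a message is stored or rendered, so a malformed one is dropped instead of persisting in the chat history. The field names (`id`, `participant`, `body`), the class and the sample messages are all hypothetical and constructed for illustration.

```javascript
// Assumption: the sender identifier is a phone number in ASCII digits.
// E.164 numbers have at most 15 digits. [0-9] is used explicitly so that
// non-ASCII digit characters are rejected as well.
const SENDER_RE = /^[0-9]{1,15}$/;

function validateSender(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not-a-string" };
  if (!SENDER_RE.test(raw)) return { ok: false, reason: "malformed" };
  return { ok: true, sender: raw };
}

class GroupChat {
  constructor() {
    this.history = [];   // only validated messages are ever stored
    this.rejected = [];  // metadata only, never the untrusted payload
  }
  receive(msg) {
    const check = validateSender(msg && msg.participant);
    if (!check.ok) {
      // Drop before persisting: a bad message that reaches storage would be
      // re-parsed on every launch, which is why reinstalling would not help.
      this.rejected.push({ id: msg && msg.id, reason: check.reason });
      return false;
    }
    this.history.push({ id: msg.id, sender: check.sender, body: String(msg.body ?? "") });
    return true;
  }
  render() {
    return this.history.map((m) => `+${m.sender}: ${m.body}`);
  }
}

function demo() {
  const chat = new GroupChat();
  const incoming = [ // constructed sample messages
    { id: "m1", participant: "15551230001", body: "hello" },
    { id: "m2", participant: "c@", body: "x" },            // non-digit characters
    { id: "m3", participant: "", body: "x" },              // empty sender
    { id: "m4", participant: "１５５５１２３", body: "x" },   // full-width digits
    { id: "m5", participant: 15551230002, body: "x" },     // wrong type
    { id: "m6", participant: "15551230003", body: "still works" },
  ];
  incoming.forEach((m) => chat.receive(m));
  return { rendered: chat.render(), rejected: chat.rejected };
}

console.log(demo());
```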