A new bug was discovered this weekend Whatsapp. Regard a specific message which, if sent, immediately closes the app to Android users.
The discovery came during the week, when a computer security researcher found that if the text “http://wa.me/settings” is sent, it would crash for android phones. That is, whenever you want to enter a chat that contains that message, the app will close. It is what it is known as “text bomb” or “message bomb”.
He insectas this type of error is called in the computer environment, it was initially found in groups, but it also applies to individual messages.
When sending it, a denial of service (DoS) problem occurs: “It happens when an attacker manages to hinder, in some way, access to a specific service by legitimate users”, he explains to clarion Jaime Restrepo, computer security expert and one of those who sounded the alarm when he discovered the problem.
“To make it easier to understand, imagine that someone inserts the wrong key in the lock of your house and picks it inside to block the keyhole: this would be equivalent to a DDoS attack, because this will prevent you, as a legitimate user of the house , you can enter it,” adds the founder of DragonJAR.
“What happens is not a vulnerability, It’s a bug, the famous programming error. When the app closes it is an ‘unhandled exception’: in Creole, it crashed. There is an error in the code and the app closes because it doesn’t know what to do and crashes,” explains Maximiliano Firtman, expert application programmer at IT Master.
So, in order to exploit this bug, it is enough for a member of the group to send that message or even You can also interrupt a chat between two people.
Fortunately, there are two ways to fix it.
The bug: how it works and how to fix it
If for some reason this happens, someone from an iOS device needs to delete that message. If you don’t have anyone with an iPhone, the alternative is to do it via WhatsApp Web.
Of course, the safest thing to do would be to remove and/or block the member who sent that message to prevent it from happening again.
It is not yet clear why this problem occurs. “We don’t have much information yet. in this regard, however, it is possible that it is a problem related to the interpretation of that specific URL, in the WhatsApp application for Android. We have to take into account that the wa.me’ URL is the official WhatsApp,” Restrepo recalls.
“The link, wa.meit is what is called deep connection. It’s the ability to create a link that goes to a particular point in an app: for example, a specific chat with a specific person or a WhatsApp group,” Firtman points out.
“What can happen here is that when there is a wa.me link, the app tries to check if the user has the person linked or not, to enter the name. And when it goes to look, as it is not a phone number but says “settings” [configuración]it should be hung“, interprets the expert.
However, it’s probably just another failure in a long list of problems with text bombs who already had the app.
In 2018, text with a specific Indian language font caused a crash on iOS devices, disabling access to WhatsApp and other messaging apps.
Perhaps one of the best known was the one called “Effective Power”, first detected in May 2015, and which had nothing to do with WhatsApp but with the iMessage service.
However, the mechanics are always the same: a type of text that stops, unsubscribes, or deletes messages from an application.
Making the solution known is the temporary antidote to the problem, until WhatsApp fixes it with an update, which certainly will not be long in coming given the extent of this problem.
Source: Clarin
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.