An independent Security researcher named Indrajeet Bhuyan from India has discovered a new bug in WhatsApp that could allow anyone to remotely crash others whatsapp app just by sending 4000 emojis in a single message. The bug exists in all the version of the app including the latest build and whatsapp web app.
Just few months back the researcher had reported same kind of bug to whatsapp. The bug allowed crashing any whatsapp remotely by sending special characters of 2kb size in total. The bug was caused by the limit of characters allowed in a message, which was patched immediately by the company but was totally unaware of the emoji limit.
Currently Whatsapp allows 6500-6600 characters in a message, but the case is different for emojis.
If you keep on typing emojis up-to 4000 in a single message, the app slows down but since the character limit is more, it confuses emoji with a single character which leads to buffer overflow and it crashes.
After the first crash you can open your whatsapp app normally but as soon as you open the conversation of the person who sent your the specially crafted message having over 4000 emoji, It crashes again
To prevent the crash you will either need to delete that persons conversation or just forward him a long text message to push the message involving emojis, so that the next time you open the conversation whatsapp doesn’t try to render and display that message.
Although this type of bugs are very common everywhere, when abused it can create very intense problems in apps. In the case of whatsapp the bug might just crash your app without affecting other parts of the operating system or apps, The abuser can use this bug for his advantage as explained by the researcher:
Person A is abusing or blackmailing Person B continuously on whatsapp. Person A threatens to file police complaint against Person B with the help of his conversation as a proof. Person B sends emojis and crashes their conversation on Person A‘s Whatsapp. Now Person A is left with no proof about abusive/blackmailing messages.
As you can see how it can immediately turn into a serious security threat, we advice you to always take a screen shots of your important conversations or regularly backup the whatsapp database to external sources. Do share this information with your friends and family.
Watch the proof of concept here: