Before we begin about everyone’s favourite communication app “WhatsApp!” , think about this “How many supermodels does it take to change a lightbulb?” Your answers may vary. Now think about “how many smiley’s does it take to crash WhatsApp?”
NOPE, its’ 4000.
All its gonna take you to mess with your friends’ app is 4000 smiley’s. Not especially convoluted character codes, not numbers, not some high tech hacking code but smileys, JUST smiley’s.
Independent researcher Inderjeet Bhuyan reported this bug, this easy to exploit, can be done by a blindfolded monkey and hence risky, BUG! Send 4000 emoji’s to the target you wanna mess with and VOILA, the user now got an app about as useful as a Kardashian with a supercomputer. This app-bug can, in turn, affect 1 billion users.
Indrajeet Bhuyan is the same guy who reported the popular bug for WhatsApp that can enable a guy to remotely crash his girlfriends’ app by sending 2000 words special character message. Another monkey-understandable way to crash the titular messenger app.
This recovery led to patching of the app. The patch limited the number of special characters that one can use in the message. But apparently smiley’s don’t come in the special characters because Bhuyan then proved otherwise.
Bhuyan wrote in his blog “In WhatsApp Web, Whatsapp allows 65500-6600 characters, but after typing about 4200-4400 smiley browser starts to slow down, But since the limit is not yet reached so WhatsApp allows to go on inserting…when it receives it overflows the buffer and it crashes.”
The new bug, when tested on several android devices from multiple brands, had multiple successes. With apps crashed such as
- WhatsApp for Android devices including Marshmallow, Lollipop and Kitkat (shame they are not actual foods)
- WhatsApp Web for Chrome, Opera and Firefox.
In lieu of you guys thinking that I may be am making all this stuff up. I got a video demonstration as a proof for y’all. Look below:
Now to protect the app from this.
As the new bug is fairly new, facebook will take some time to patch it up.
But before that Bhuyan gives a simple solution, to delete the entire message along with the whole conversation with the whole conversation you had with the sender, but this deletes all the records of all the chat with the sender ” friend”. Well, security before friendship…..I think.
“How long will it take you to do this to a friend after you finish reading? It took me a whole of 5 seconds.”