New WhatsApp vulnerability: a wave of emoticons that can block an application



Emoticons are worth a thousand words, at least when you use WhatsApp. We are accustomed to expressing our thoughts and feelings with these colorful characters, be they smiling faces, objects or even animals, so it is sometimes hard to imagine communicating without them. A recent Swiftkey study in the United States identified the most popular emoticon in each state, and some of the results were very unusual: the laughing turd, for example, turned out to be the most popular emoticon in Vermont.

Given how widely emoticons are used, it did not take cyber-criminals long to realize that they could benefit from them, and some have already begun to use them to their advantage.

After the scams that circulated on WhatsApp in 2015, such as a message inviting you to download new emoticons that ended with your contacts being stolen, 2016 began with a new vulnerability in this application, which is used by over 900 million users worldwide.

Indrajeet Bhuyan, an 18-year-old from India, recently discovered that a cyber-criminal, or even a friend who decided to play a trick on you, could take advantage of a WhatsApp crash bug to block your account remotely.

The strategy for carrying out such an attack is quite simple: all it takes is sending thousands of emoticons in one message, and the application will automatically close. Bhuyan explained the whole process on the Hackatrick blog, where he also talks about his discovery.

After typing between 4200 and 4400 emoticons into WhatsApp, the teenager noticed that the service began to slow down. After sending the message, he received an error message and the browser remained unresponsive.

However, when the person to whom he sent the message came online, the message was delivered. After the recipient opened it, the application stopped working. WhatsApp then offered the usual options to wait or to close the application. Even so, the application locks up again because of the avalanche of emoticons.

The young blogger showed that the error occurs in different web browsers (Firefox and Google Chrome) and on different versions of Android (Marshmallow, Lollipop and KitKat). Only iPhone devices were able to resist the chaos caused by the emoticons: WhatsApp for iOS froze for only a few seconds.



By the way, the problem can be solved very simply. Instead of trying to read a message filled with emoticons, the user should delete the entire chat without opening it. For some people, though, this is exactly the reaction they hope to achieve.

For example, a user who had sent another user messages that may contain personal information, or who had threatened another user through messages, could send such a message with a huge number of emoticons in the hope that the victim would delete the entire message, destroying all the evidence.
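One way a messaging client could handle an oversized emoticon message without forcing the user to delete the chat is to decide, before rendering, whether to show the message in full or as a collapsed placeholder. This is an added example, not WhatsApp's code and not from the original article; the limits and the names `guardMessage` and `countEmojiCapped` are assumptions.

```javascript
// Added example. The limits are assumptions chosen for illustration,
// not values used by WhatsApp.
const LIMITS = { maxEmoji: 1000, maxCodeUnits: 16384, previewChars: 40 };
const EMOJI = /\p{Extended_Pictographic}/gu;

// Count emoji lazily and stop once the cap is exceeded, so the guard
// itself never does unbounded work on a hostile message.
function countEmojiCapped(text, cap) {
  let n = 0;
  for (const _match of text.matchAll(EMOJI)) {
    n += 1;
    if (n > cap) break;
  }
  return n;
}

// Decide how to display an incoming message before handing it to the
// renderer. The stored message is never modified or deleted, so the
// chat history stays intact even when the display is collapsed.
function guardMessage(text, limits = LIMITS) {
  const tooLong = text.length > limits.maxCodeUnits;
  const scanned = tooLong ? text.slice(0, limits.maxCodeUnits) : text;
  const emoji = countEmojiCapped(scanned, limits.maxEmoji);
  if (!tooLong && emoji <= limits.maxEmoji) {
    return { mode: "full", text };
  }
  // Build a short preview by code point so an emoji (a surrogate
  // pair in UTF-16) is never cut in half.
  const preview = Array.from(scanned.slice(0, limits.previewChars * 2))
    .slice(0, limits.previewChars)
    .join("");
  return {
    mode: "collapsed",
    reason: tooLong ? "length" : "emoji-count",
    preview,
    originalLength: text.length,
  };
}

// Constructed sample inputs: a normal message and one in the size
// range the article reports (about 4300 emoticons).
const normal = guardMessage("See you at 8 😀");
const flood = guardMessage("😀".repeat(4300));
console.log(normal.mode, flood.mode, flood.reason);
```

Because only the display is collapsed, the recipient keeps the rest of the conversation, including any earlier messages that matter as evidence.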

Bhuyan also discovered a vulnerability that causes WhatsApp to be disabled by a message consisting of 2,000 special characters, although the developer has since eliminated this vulnerability. He recently informed WhatsApp about his latest discovery and hopes that the error will be fixed in the next update.

Source: https://habr.com/ru/post/274695/

