Security researcher and WhatsApp aficionado Indrajeet Bhuyan found the bug that affects both the desktop and mobile versions of the app.
According to Bhuyan, he was using the Web version of the service, which allows users to type messages of up to 6,600 characters. Instead of writing text, Bhuyan began inserting smiley emojis, thousands of them. When he got to about 4,200 emojis the browser began to slow down, but since he had not reached the character limit it allowed him to continue, until it crashed. Bhuyan still managed to send his emoji-plagued message, which led him to discover that opening such a message on a mobile will cause WhatsApp to repeatedly crash. You can check out a video demonstration of the flaw above.
The 18-year-old tech whiz tested the bug on the desktop version of the app using Firefox and Chrome browsers. He also tested it on Android devices carrying Marshmallow, Lollipop, and Kitkat versions of Google’s OS. The smartphones he reportedly used in his research included the Moto E, Asus ZenFone, and the OnePlus Two. Bhuyan noted that the message failed to crash the iOS version of WhatsApp, but it did freeze the app for a few seconds.
If you’re afraid someone might use the bug against you (now that we’ve let the cat out of the bag), worry not as there is a solution. Bhuyan claims that deleting the entire chat from the smiley saboteur will prevent WhatsApp from crashing. He has reported the problem to WhatsApp in the hope that a patch will be released.
This isn’t the first time the teenager has discovered a critical flaw in the messaging service. Last year, Bhuyan revealed how a specially constructed message using just 2,000 characters could cause the app to crash. The flaw was reportedly fixed in a WhatsApp update.
- Facebook wants to merge messaging in Messenger, WhatsApp, and Instagram
- Instagram test reveals direct messages may be coming to browsers
- Facebook’s merger plan causing concern among lawmakers and security experts
- The best text messaging apps for Android and iOS
- Twitter keeps your direct messages, even years after you delete them