The more popular a software is, the more it attracts and appeal hackers and security researchers.
WhatsApp is one of them, and it was found that bad actors are trying to crash the app to cause inconvenience to users. This time, an exploit dubbed the 'Scary Messages' is text bombing users.
What started in mid-August, has grown to a whole wider regions and become a widespread issue.
According to a report from Whatsapp community blog WABetaInfo, the 'Scary Messages' that originated in Brazil contains a series of randomly placed special characters and makes no sense in terms of meaning or creative arts like many WhatsApp forwards people know.
But once received, the messages can make WhatsApp to fail to understand the meaning, causing the app to crash on loop.
Force-closing WhatsApp, and even restarting it won't solve the problem.
In other words, receiving the code will make WhatsApp to infinitely crash, meaning the only solution is to uninstall and reinstall the app.
I receive this report every day, really, in particular from Brazilian users.
Unfortunately it's not a fake news.@WhatsApp should really consider this big issue. pic.twitter.com/wG33YOQZMC— WABetaInfo (@WABetaInfo) August 6, 2020
The codes inside the 'Scary Messages' are actually vCards, which is a file format standard to trade contacts. The 'Scary Messages' however, could contain 100 contacts, each with a registered name designed to crash the app.
The registered names are very long, and can also altered, edited to inject certain payload to make situations worse.
WABetaInfo called it 'Scary Messages' because there wasn't a general name for it.
Users have also started to name the scary messages using some terms, like: Travar, Binario, Contact bomb, TravaZap or simply Crashers.
Before WhatsApp can fix the issue, users are advised not to open chat sessions nor read messages from unknown numbers or contacts.
They should also change their WhatsApp settings to help protect their apps from interference.
They can do this by going to the settings and change the 'Who can add me to groups' from 'Everyone' to 'My Contacts' or 'My Contacts except..' This will significantly reduce the risk of being added to a group used to pass over the malicious messages.
It is also recommended that users who receive a message containing a string of random characters, to log in to their WhatsApp’s web application to manually block the sender and try deleting the message.
While users can sometimes solve the issue by removing the message when they are already logged in to WhatsApp for the web, or by reinstalling WhatsApp, the solutions can leave users without either their most recent backup, or nothing at all, in case the solutions don't work.
This is what makes the bug pretty annoying.
The "crash code" bug is incredibly similar to one that IPhones and IPads earlier this 2020.
At that time, iOS users receiving text with certain character from Sindhi, the official language spoken by the Sindhi people in the Pakistani province of Sindh, can have their devices to crash.