WhatsApp messages that crash recipients’ phones instantly and forces them to delete and reinstall the app have reportedly been doing the rounds.
When opened, the messages, which contain a long string of unfamiliar numbers and characters, cause WhatsApp to freeze.
The issue is caused by a software bug that prevents WhatsApp from processing the combination of characters in the messages, leading to an ‘infinite crash’.
This has resulted in some WhatsApp users who had not recently backed up their conversations losing their entire chat histories permanently.
Independent WhatsApp experts WABetaInfo were alerted of the issue by a user on Twitter and detailed the problem in a blog post.
The weird code and character combinations reportedly originated in Brazil, where it was becoming a particular problem for users.
The issue only affected devices that use iOS and Android devices were not affected, according to WhatsApp.
WhatsApp experts WABetaInfo were altered of the bug on Twitter. A WhatsApp contact might send a message that contains many weird characters, which the app might interpret the wrong way and crash
‘The combination of these characters create a situation where WhatsApp isn’t able to process the message, determining an infinite crash,’ said WABetaInfo.
‘If you find any dangerous message, do not send it just for fun – your friends might lose their chat history if they haven’t a recent backup,’ it warned.
WhatsApp told MailOnline that the issue has now been resolved.
‘WhatsApp has released and already begun rolling out a patch that addresses this in its latest iOS software update,’ it said in a statement to MailOnline.
HOW TO PROTECT AGAINST THE BUG
Go to Settings indicated by the three vertical dots in the top right.
Then go to Account > Privacy > Groups.
Select either ‘My contacts’ or My contacts except…’ and press ‘DONE’.
This prevents other unknown contacts adding you to groups, sending a scary message.
‘As with any tech product, we strongly encourage users to keep their WhatsApp app and mobile operating system up to date and download updates whenever they’re available.’
The bug was detailed thoroughly by WABetaInfo.
The blog explains that, even when users close and reopen WhatsApp, it is still frozen and continues to crash.
The user’s only option is to uninstall and reinstall the app, which could lead to them losing all their chat history.
WhatsApp users are advised to beware of messages from unknown contacts, which may contain the characters.
Rather than opening them on their phone to find out, users should log in using WhatsApp Web, the platform’s desktop application, to block the sender and delete the message if possible, WABetaInfo advised.
They should then set their group privacy settings to ‘My Contacts’ or ‘My Contacts except’, instead of ‘Everyone’.
‘If WhatsApp Web isn’t able to reach your device (because WhatsApp is repeatedly crashing) or you haven’t a WhatsApp Web session enabled, unfortunately you must reinstall WhatsApp, losing your chat history,’ WABetaInfo said.
The messaging app said it has begun rolling out a patch that addresses the bug in its latest iOS software update
‘For this reason I recommend to back up your chat history at least once a week, if you care your messages.’
The problem may have stemmed from tweaked, unauthorised versions of WhatsApp, know as WhatsApp ‘mods’.
Mods tend to be more prone to attack by hackers as they lack end-to-end encryption, meaning strangers can access the private contents of a message.
Mods aren’t recommended because they might alter the WhatsApp code behaviour, meaning WhatsApp cannot ensure messages are correctly encrypted.
The messages can also be passed on by vCards, a file format standard for electronic business cards that lets users easily add contacts to their address book.
Each vCard may contain 100 contacts, each with a ‘very long weird name’ that contains a crash code.
Earlier this year, WhatsApp had to fix an issue that caused some users’ phone numbers to show up in Google search results.
According to researcher Athul Jayaram, the issue affected at least 300,000 phone numbers which appeared in Google when searching for, ‘site:we.me’.
The numbers were indexed by Google because WhatsApp failed to request that they be ignored by the search giant’s web crawler.
END-TO-END ENCRYPTION: ONLY THE TWO USERS IN A CONVERSATION CAN READ MESSAGES
End-to-end encryption ensures only the two participants of a chat can read messages, and no one in between – not even the company that owns the service.
End-to-end encryption is intended to prevent data being read or secretly modified when it is in transit between the two parties.
The cryptographic keys needed to access the service are automatically provided only to the two people in each conversation.
In decrypted form, messages are accessible by a third party – which makes them interceptable by governments for law enforcement reasons.
Facebook-owned WhatsApp is already encrypted, and now Mark Zuckerberg is looking to do the same with Facebook Messenger and Instagram Direct.
The privacy standard is controversial, however – last year, UK children’s charity the NSPCC said Facebook’s plans to encrypt its messages will turn the website into a ‘one-stop grooming shop’ for paedophiles.
Charity bosses are concerned that Zuckerberg’s now delayed plans to boost the privacy protection could make it much harder to detect criminal activity across its sites.