Cybersecurity Awareness
- - - Live Hacking Event
    - Experience how attackers proceed, attack companies and steal data. We show you realistically how a cyber attack works. Entertaining, individual and exciting.
- - - Managed Phishing Simulation
    - We carry out individual or continuous phishing simulations together with you. Automatic, event-driven or recurring – we adapt to your wishes and requirements.
Offensive Security
- - - Penetration test
    - We attack systems within the scope of application in an organized and systematic manner and inform you immediately about high and critical security gaps. We then support you in eliminating the security gaps.
- - - Vulnerability scan
    - We use established tools to quickly and efficiently find out which systems are vulnerable, either internally or externally. We filter and check the results and support you in remedying them.
- - - 360° SME analysis
    - For small and medium-sized companies, we offer a cost-effective package that gives you an overview of the vulnerability of your internal and external infrastructure.
Consulting
- - - ISMS Consulting
    - We support you in setting up and expanding your information security management system (ISMS) and, if required, help you to achieve ISO 27001 certification.
- - - External (Chief) Information Security Officer
    - By appointing an information security officer, you fulfill requirements, have a single point of contact and are able to implement measures professionally and appropriately.
Ressources
- - - Blog
    - Read our free IT security blog and find out about news, vulnerabilities and threats.
  - - Success stories
    - Find out more about the projects we have completed for a wide range of clients.
- - - Media package
    - Whether logo, colors or images. Download our materials now free of charge to promote your event.

WhatsApp failure due to unreadable message!

06/06/2024

WhatsApp failure due to unreadable message!

The popular Messenger WhatsApp is frequently featured in our blog posts. In today’s blog post, we discuss a WhatsApp failure that could cause the app to crash and require reinstallation. This WhatsApp vulnerability is worth mentioning because it can be triggered by an unreadable message. How this message looks like and how you can protect yourself from this attack is explained in this article.

Unreadable message causes WhatsApp failure

The origin of these unreadable messages, also called “Scary Messages”, comes from Brazil, where according to WEBetaInfo they are a big and widespread problem. The message contains nothing but characters that cannot be read by WhatsApp. If you open such a message from your cell phone, the app will crash immediately. Afterwards the victims have no other option than to uninstall the app and then download it again.

The reason for this reaction on the part of the app is a bug, this bug causes a collection of characters that WhatsApp cannot read to cause the app to crash. The same bug can also be triggered when a virtual contact (VCF) is filled with unreadable characters and is opened in Messenger on a cell phone.

https://twitter.com/Ian_Oli_01/status/1294732138328338438

Protection against this attack

Protecting yourself against such messages is not so easy, because basically every WhatsApp user can write to all other WhatsApp users as long as they have the correct cell phone number. However, there are 2 ways to protect yourself relatively well against this attack and thus the WhatsApp disruption.

You should specify that you can only be added to groups by your contacts. Such messages are mostly distributed in groups so that as many people as possible can be attacked with minimal effort. This setting can be found and set under “Account” – “Privacy” – “Groups”.

Another option is to use WhatsApp in the period when this bug exists only via the desktop version WhatsApp-Web. If you open the dangerous messages via the desktop version nothing happens, because the bug exists only in the mobile versions of WhatsApp.

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.

AWARE7 GmbH

Munscheidstr. 14
45886 Gelsenkirchen

Tel. +49 (0) 209 - 8830 6760

Fax. +49 (0) 209 - 8830 6769

Mail info@aware7.de

Opening hours
Monday - Friday
8:00 - 17:00

COMPANY

Code of Conduct

AWARENESS

Live Hacking Show

Managed Phishing Simulation

RESOURCES

IT-Security Blog

Success Stories

OFFENSIVE SERVICES

Penetration test

Vulnerability scan

IT security emergency

360° SME analysis

CONTACT

Call for proposal (CfP)

CONSULTING

ISMS consulting

External information security officer

Imprint Privacy policy