Check Point Software Technologies, an Israeli company, published a study about the vulnerability that allowed hackers to block WhatsApp group chat participants.
Hackers could enter group chats as participants, change certain parameters, and then send out malicious messages using WhatsApp Web. Thus, attackers created a vicious circle of failures for all members of the group chat who were denied access to all functions of the messenger. Users deleted and re-downloaded WhatsApp, but could not return to the conversation. To break the vicious circle of errors, they had to remove the chat itself finally. To date, the problem has been resolved in application versions above 2.19.246.
Also, the vulnerability allowed hackers to decrypt the information of messages sent by users in the chat using the web version that accurately copies all messages and displays them in a browser. The application always checks the phone number of the sender and identifies it.
All this information was enough to replace the participant’s parameter from the sender’s phone number to start the circle of errors. Thus, hackers could receive data from chats and permanently delete them.
The reason for the vulnerability was in the features of the XMPP instant messaging protocol.