Incident: WhatsApp Group Chat Crash Bug Exploited by Expert Hackers

Published Date: 2019-12-18

Postmortem Analysis
Timeline
1. The software failure incident of the WhatsApp bug that allows hackers to crash the app by sending a message happened around mid-September 2019 [93342].

System
1. WhatsApp app
2. WhatsApp group chat feature
3. WhatsApp phone number detection and name conversion feature

Responsible Organization
1. Expert hackers with advanced skills exploited the WhatsApp bug [93342].

Impacted Organization
1. WhatsApp users in group chats [93342]

Software Causes
1. The software cause of the failure incident was a bug in the way the WhatsApp app detects user phone numbers and turns them into names, allowing for the insertion of 'non-digit characters' such as @ or & to crash the app [93342].

Non-software Causes
1. The bug could only be exploited by people with expert hacker skills [93342].
2. The bug was uncovered as part of WhatsApp's 'bug bounty' programme where tech experts are encouraged to find flaws in the app's code [93342].

Impacts
1. The bug caused the WhatsApp app to crash for all users in a group chat, prompting them to reinstall the app to fix the issue [93342].
2. The crash resulted in the loss of all data written and shared in the affected group chat, making it impossible to recover the chat history [93342].
3. The vulnerability compromised the availability of the WhatsApp app, which is crucial for daily activities as it is a main communication service for many people [93342].
4. To recover from the issue, users had to uninstall WhatsApp, reinstall it, and remove the group containing the malicious payload [93342].

Preventions
1. Regular security audits and code reviews during the development process could have potentially identified and fixed the vulnerability before it was exploited [93342].
2. Implementing stricter input validation mechanisms within the WhatsApp codebase to prevent the insertion of 'non-digit characters' that could be used to crash the app [93342].
3. Enhancing the testing procedures to include scenarios where unusual characters are used in group chat messages to ensure the stability and security of the application [93342].

Fixes
1. The software failure incident in WhatsApp, where a bug allowed hackers to crash the app by sending a message, was fixed by WhatsApp by patching the problem in an update around three months ago [93342].

References
1. Check Point researchers
2. WhatsApp Software Engineer Ehren Kret
3. WhatsApp's 'bug bounty' programme
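
The input validation named under Preventions, as an added example (not WhatsApp's code and not taken from the cited article): a sender identifier containing non-digit characters is rejected per message, so one malformed record cannot abort loading the stored group chat and cause a crash loop. The message layout, the field names and the `contacts` mapping are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: a sender id is a phone number written as ASCII digits only.
# [0-9] is used instead of \d because \d also matches non-ASCII digits.
PHONE_RE = re.compile(r"[0-9]{5,15}")
UNKNOWN_SENDER = "(unknown sender)"

@dataclass
class Rendered:
    sender: str
    text: str
    quarantined: bool

def validate_sender(raw):
    """Return the sender id if it is a plain ASCII digit string, else None."""
    if isinstance(raw, str) and PHONE_RE.fullmatch(raw):
        return raw
    return None

def accept_for_storage(msg):
    """Ingest-side check: a message that fails validation is never persisted."""
    return isinstance(msg, dict) and validate_sender(msg.get("sender")) is not None

def render_message(msg, contacts):
    """Resolve the sender id to a display name without raising on bad input."""
    sender = validate_sender(msg.get("sender"))
    if sender is None:
        # Malformed id: keep the chat loadable and withhold the untrusted body.
        return Rendered(UNKNOWN_SENDER, "[message withheld: invalid sender id]", True)
    return Rendered(contacts.get(sender, "+" + sender), str(msg.get("text", "")), False)

def load_group(messages, contacts):
    """Render every stored message; return (all rendered, quarantined ones)."""
    rendered = [render_message(m, contacts) for m in messages if isinstance(m, dict)]
    return rendered, [r for r in rendered if r.quarantined]

# Constructed sample data (fictional numbers), including two malformed sender ids.
CONTACTS = {"447700900123": "Alice"}
SAMPLE = [
    {"sender": "447700900123", "text": "hello"},
    {"sender": "4477009@0123", "text": "x"},
    {"sender": "15550100999", "text": "hi"},
    {"sender": None, "text": "y"},
]

if __name__ == "__main__":
    for item in load_group(SAMPLE, CONTACTS)[0]:
        print(item)
```
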

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | unknown | (a) The software failure incident related to the WhatsApp bug that allowed hackers to crash the app by sending a message has not been reported to have happened again within the same organization (WhatsApp) or with its products and services. The bug was discovered by cyber security experts and promptly patched by WhatsApp after being reported [93342]. (b) There is no information in the provided article about the software failure incident happening again at other organizations or with their products and services.
Phase (Design/Operation) | design, operation | (a) The software failure incident in the WhatsApp app can be attributed to a design flaw in the way the app detects user phone numbers and turns them into names. The bug was exploited by inserting a 'non-digit character' in a group chat, causing the entire conversation to crash [93342]. (b) The operation of the system, in this case, the WhatsApp app, was impacted as users were prompted to reinstall the app in order to fix the problem caused by the bug. The bug led to a crash loop, preventing users from returning to the group chat and resulting in the loss of all data shared in the group [93342].
Boundary (Internal/External) | within_system | (a) within_system: The software failure incident related to the WhatsApp bug was caused by a flaw within the WhatsApp code itself. The bug allowed hackers to crash the app by sending a specific message in a group chat, exploiting a vulnerability in the way the app detects user phone numbers and turns them into names [93342]. The bug was discovered by researchers looking for weaknesses in the WhatsApp code, indicating an internal issue within the system that led to the failure.
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in the WhatsApp app was due to non-human actions, specifically a bug in the app's code that allowed for a crash to occur when a message with a specific non-digit character was sent in a group chat. This bug was discovered by cyber security experts as part of WhatsApp's bug bounty program [93342]. (b) Human actions were involved in the discovery and exploitation of the bug that led to the software failure incident. The researchers from Check Point who found the flaw were actively looking for weaknesses in the WhatsApp code and were able to exploit the bug by inserting a 'non-digit character' in a group chat message. They described how they managed to exploit the bug in a blog post [93342].
Dimension (Hardware/Software) | software | (a) The software failure incident reported in the article is due to contributing factors that originate in software. The incident was caused by a WhatsApp bug that allowed hackers to crash the app by sending a specific message containing a 'non-digit character' in a group chat. This bug exploited a flaw in the way the app detects user phone numbers and turns them into names, leading to a crash loop and loss of data in the affected group chats [93342].
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident in this case is malicious. The WhatsApp bug that allowed hackers to crash the app by sending a message was discovered by cyber security experts with expert hacker skills [93342]. The bug was exploited by inserting a 'non-digit character' in a group chat, causing the entire conversation to crash and resulting in a crash loop that deleted all data in the group [93342]. The impact of this vulnerability was described as potentially tremendous, compromising the availability of the app, which is crucial for daily activities [93342]. (b) There is no information in the articles to suggest that the software failure incident was non-malicious.
Intent (Poor/Accidental Decisions) | accidental_decisions | (a) The intent of the software failure incident was not due to poor decisions but rather due to a bug in the WhatsApp code that allowed hackers to crash the app by sending a specific message with a 'non-digit character' in a group chat. The bug was discovered by cyber security experts as part of WhatsApp's bug bounty program, where researchers look for weaknesses in the code and report them to the company for a reward [93342].
Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) The software failure incident in the WhatsApp bug can be attributed to development incompetence. The bug was discovered by cyber security experts who were actively looking for weaknesses in the WhatsApp code [93342]. The flaw was found in the way the app detects user phone numbers and turns them into names, which was exploited by inserting a 'non-digit character' to crash the app [93342]. This indicates that the bug was a result of a coding oversight or vulnerability introduced during the development process. (b) The software failure incident can also be considered accidental as the bug was not intentionally created by the developers but was discovered by researchers during their investigation for vulnerabilities in the WhatsApp code [93342]. The Check Point researchers who found the flaw described how they were able to exploit it by inserting a 'non-digit character' in a group chat, causing the app to crash [93342]. This suggests that the incident was accidental in nature, as it was not a deliberate act by the developers to cause the app to crash.
Duration | temporary | (a) The software failure incident described in the article is temporary. The bug discovered in WhatsApp allowed hackers to crash the app by sending a specific message with a non-digit character in a group chat. This bug caused the app to crash and enter into a crash loop, making it impossible for users to return to the group and resulting in the loss of all data shared in the group. However, WhatsApp was made aware of the problem by researchers and patched it in an update around three months ago, ensuring most users are now protected from this hack [93342].
Behaviour | crash, other | (a) crash: The software failure incident described in the article is related to a crash. The bug discovered in WhatsApp allowed hackers to crash the app by sending a specific message in a group chat. The crash resulted in the app continuously crashing even after reopening it, leading to a crash loop. Additionally, the group chat data was lost, and the group had to be deleted to stop the crash [93342]. (b) omission: The software failure incident does not specifically mention a failure due to the system omitting to perform its intended functions at an instance(s). (c) timing: The software failure incident does not relate to a failure due to the system performing its intended functions correctly but too late or too early. (d) value: The software failure incident is not about a failure due to the system performing its intended functions incorrectly. (e) byzantine: The software failure incident does not involve a failure due to the system behaving erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident is specifically related to a crash caused by a bug in the WhatsApp code that allowed hackers to exploit it by sending a message with a specific character in a group chat, resulting in a continuous crash loop and loss of group chat data [93342].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | property | (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident in the WhatsApp app, caused by a bug that allowed hackers to crash the app by sending a specific message, resulted in the loss of chat history and data for users in affected groups. The bug caused the app to crash in a loop, making it impossible for users to return to the group and leading to the deletion of all shared content. The only way to recover from the issue was to uninstall WhatsApp, reinstall it, and remove the group containing the malicious payload. This loss of data and disruption of communication within important groups could be considered as an impact on people's property in terms of lost information and communication capabilities [93342].
Domain | information, finance | (a) The software failure incident reported in the article is related to the information industry, specifically affecting the messaging and communication service provided by WhatsApp [93342]. (h) The incident also has implications for the finance industry as WhatsApp is a widely used platform for communication related to financial transactions and services [93342]. (m) The software failure incident could also be related to the technology industry, as it involves a bug in the WhatsApp messaging app, which is a technology product [93342].
