Recon 2025 - Call, Crash, Repeat: Hacking WhatsApp Presenter: Luke McLaren This talk explores three separate vulnerabilities uncovered in WhatsApp across multiple platforms - iOS, Android, and MacOS - affecting both end-to-end encrypted messaging and calling features. I’ll walk through each bug, including a URL validation flaw (iOS), an XMPP parsing bug leading to native vulnerabilities in PJSIP (all platforms), and a logic issue that allowed unauthorized video streams during group voice chats (Android). Attendees will get a deep dive into WhatsApp’s architecture, including cross-platform compilation quirks and native XMPP signaling. The talk will also cover reverse engineering strategies and practical bug-hunting methodologies for complex mobile apps.