Vulnerability within WhatsApp and Telegram could give hackers control of your account

Researchers over at Check Point Security have discovered a new vulnerability within WhatsApp and Telegram"s web platforms, WhatsApp Web & Telegram Web, that could easily grant hackers access and complete control of your account.

WhatsApp and Telegram are two popular instant messaging platforms that use end-to-end encryption as a security measure. This ensures that the conversation is strictly between the people involved, with no other entities included.

“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” says Oded Vanunu, head of product vulnerability research at Check Point. “By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.”

The vulnerability mentioned by the security firm allows attackers to send a victim malicious code, which is wrapped within a harmless-looking image. Once the receiver clicks the image, the attacker can gain access to the victim"s WhatsApp or Telegram storage data, basically giving them full access to the account. With the hacker gaining control of the victim"s account, they can now spread the malicious image to other people, potentially enabling a widespread attack.

The vulnerability was disclosed to WhatsApp and Telegram"s security teams, and has since been acknowledged. According to Check Point, the two messaging platforms have delivered fixes for the said exploit. "Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent," according to the company.

Users wishing to ensure that their messaging clients are updated to the latest version are advised to restart the web browser they used to launch WhatsApp Web or Telegram Web.

Source: Check Point

Report a problem with article
Next Article

HMD Global commits to monthly Android security updates for Nokia devices

Previous Article

UK government department tells staff to stop bashing President Trump on Twitter