Express Computer
Home  »  News  »  How hackers can take over millions of WhatsApp and Telegram accounts in seconds

How hackers can take over millions of WhatsApp and Telegram accounts in seconds

0 472

Check Point Software Technologies researchers today revealed a new vulnerability on WhatsApp & Telegram’s online platforms– WhatsApp Web& Telegram Web– two of the world’s most popular messaging services. By exploiting this vulnerability, attackers could completely take over user accounts, and access victims’ personal and group conversations, photos, videos and other shared files, contact lists, and more.

“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” says Oded Vanunu, head of product vulnerability research at Check Point. “By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.”

The vulnerability allows an attacker to send the victim malicious code, hidden within an innocent looking image. As soon asthe user clicks on the image, the attacker can gain full access to the victim’s WhatsApp or Telegram storage data, thus giving full access to the victim’s account. The attacker can then send the malicious file to all the victim’s contacts, potentially enabling a widespread attack.

Whatsapp vulnerability
Check Point disclosed this information to the WhatsApp and Telegram security teams on March 8, 2017. WhatsApp and Telegram acknowledged the security issue and developed fixes for world wide web clients.“Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,” said Oded Vanunu. WhatsApp web users wishing to ensure that they are using the latest version are advised to restart their browser.

WhatsApp and Telegram use end-to-end message encryption as a data security measure, to ensure that only the people communicating can read the messages, and nobody in between. Yet, the same end-to-end encryption was also the source of this vulnerability. Since messages were encrypted on the side of the sender, WhatsApp and Telegram were blind to the content, and were therefore unable to prevent malicious content from being sent. After fixing this vulnerability, content will now be validated before the encryption, allowing malicious files to be blocked.

Both web versions mirror all messages sent and received by the user on the mobile app, and are fully synced with users’ devices

WhatsApp has over 1 billion users worldwide, making it the most prevalent instant messaging service available today. The company’s web version is available on all browsers and WhatsApp supported platforms,including Android, iPhone (iOS), Windows Phone 8.x, BlackBerry, BB10 and Nokia smartphones. Telegram is a cloud-based mobile and desktop messaging app that has over 100 million monthly active users, delivering over 15 billion messages daily.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image