Date:16/03/17
Millions of users of the web versions of WhatsApp and Telegram messengers were put at risk of being hijacked because of a serious security flaw.
The vulnerability - which has now been patched - could allow hackers to gain control over accounts and access personal data using a malware-laced image.
The personal data at risk included conversations, contacts and shared files, as well as private messages.
Ironically, the exploit uses the very encryption which is intended to protect messages from prying eyes.
WhatsApp and Telegram both use end-to-end encryption, which is designed to make sure only senders and recipients can view the content of messages.
But an unexpected side effect of this process is that it prevents the apps from being able to check whether message contents include malicious code.
This vulnerability makes it possible for an attacker to booby-trap a file shared via the app, perhaps a meme image, with malicious code.
This would spring into action after the picture is clicked on for viewing, according to Israeli computer security firm Check Point.
The malicious code could then hijack an account and spread itself like a virus by sending infected messages to contacts.
Check Point Software Technologies says that it alerted Telegram and Facebook-owned WhatsApp last week.
Oded Vanunu, head of product vulnerability at Check Point, said: 'This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over.
'By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.'
WhatsApp is one of the most popular instant messaging services in the world with more than a billion users.
Telegram claims only 100 million or so users, but is often cited as a preferred communications tool of jihadists because of encryption to keep messages from the eyes of authorities.
To remedy the security situation, both services are believed to have altered the way they are finding and blocking viruses.
They are now running this process before messages are encrypted.
Hackers could have hijacked MILLIONS of WhatsApp and Telegram accounts using a single photo
Millions of users of the web versions of WhatsApp and Telegram messengers were put at risk of being hijacked because of a serious security flaw.The vulnerability - which has now been patched - could allow hackers to gain control over accounts and access personal data using a malware-laced image.
The personal data at risk included conversations, contacts and shared files, as well as private messages.
Ironically, the exploit uses the very encryption which is intended to protect messages from prying eyes.
WhatsApp and Telegram both use end-to-end encryption, which is designed to make sure only senders and recipients can view the content of messages.
But an unexpected side effect of this process is that it prevents the apps from being able to check whether message contents include malicious code.
This vulnerability makes it possible for an attacker to booby-trap a file shared via the app, perhaps a meme image, with malicious code.
This would spring into action after the picture is clicked on for viewing, according to Israeli computer security firm Check Point.
The malicious code could then hijack an account and spread itself like a virus by sending infected messages to contacts.
Check Point Software Technologies says that it alerted Telegram and Facebook-owned WhatsApp last week.
Oded Vanunu, head of product vulnerability at Check Point, said: 'This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over.
'By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.'
WhatsApp is one of the most popular instant messaging services in the world with more than a billion users.
Telegram claims only 100 million or so users, but is often cited as a preferred communications tool of jihadists because of encryption to keep messages from the eyes of authorities.
To remedy the security situation, both services are believed to have altered the way they are finding and blocking viruses.
They are now running this process before messages are encrypted.
Views: 411
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
