Check point discloses how hackers can take over WhatsApp & Telegram accounts
The new vulnerability found on WhatsApp Web & Telegram Web allowed hackers to gain control over accounts, including chats, images, video and audio, and contacts.
By Nilesh Christopher, ET Bureau | Updated:
BENGALURU: Cybersecurity firm Check Point Software Technologies revealed a new vulnerability on popular messaging services WhatsApp & Telegram’s online platforms which allow hackers to take over user accounts and access victim's’ personal information.
The new vulnerability found on WhatsApp Web & Telegram Web allowed hackers to gain control over accounts, including chats, images, video and audio, and contacts.
Check Point disclosed this information to the WhatsApp and Telegram security teams on March 8, 2017 and the issue has since been fixed,Check Point said in a press statement.
“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” said Oded Vanunu, head of product vulnerability research at Check Point. “By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user”
The messaging service WhatsApp has over 1 billion users worldwide, while telegram has over 100 million monthly active users. “Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,” Vanunu added.
Since messages were encrypted on the side of the sender, WhatsApp and Telegram were blind to the content, and were therefore unable to prevent malicious content from being sent. After fixing this vulnerability, content will now be validated before the encryption, allowing malicious files to be blocked, the release said.
Check Point Software Technologies is an Israel-based cyber security vendor globally, providing solutions and protecting customers from cyberattacks.
The new vulnerability found on WhatsApp Web & Telegram Web allowed hackers to gain control over accounts, including chats, images, video and audio, and contacts.
Check Point disclosed this information to the WhatsApp and Telegram security teams on March 8, 2017 and the issue has since been fixed,Check Point said in a press statement.
“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” said Oded Vanunu, head of product vulnerability research at Check Point. “By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user”
The messaging service WhatsApp has over 1 billion users worldwide, while telegram has over 100 million monthly active users. “Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,” Vanunu added.
ADVERTISEMENT
Both WhatsApp and Telegram use end-to-end message encryption as a data security measure, to ensure that only the people communicating can read the messages, and nobody in between. However, it’s the same end-to-end encryption was also the source of this vulnerability, the press release said.Since messages were encrypted on the side of the sender, WhatsApp and Telegram were blind to the content, and were therefore unable to prevent malicious content from being sent. After fixing this vulnerability, content will now be validated before the encryption, allowing malicious files to be blocked, the release said.
Check Point Software Technologies is an Israel-based cyber security vendor globally, providing solutions and protecting customers from cyberattacks.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
Related Articles
EU orders Meta to open WhatsApp to rival AI chatbots for freeADVERTISEMENT
