Wednesday March 15, 2017

Vulnerability in WhatsApp and Telegram Allowed Complete Account Takeover

Well, it looks like the CIA might have been slacking on this one, as they were apparently unaware of any method to break popular encrypted messaging clients remotely, instead having to take the circuitous route of first compromising the handset itself in order to listen in on communications.

HelpNetSecurity has disclosed that, until recently, it was possible to send an innocent-looking image containing malicious code to WhatsApp and Telegram clients. Once the victim clicked it, the attacker would gain complete access to the victim's account, including all conversations, photos, videos, etc. The root of the issue seemed to be that, because the messages were end-to-end encrypted, WhatsApp and Telegram couldn't filter transmissions for malicious content. The WhatsApp and Telegram teams apparently did a good job of responding quickly to this vulnerability and patching it.


"Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients," said Oded Vanunu, head of product vulnerability research at Check Point. WhatsApp Web users wishing to ensure that they are using the latest version are advised to restart their browser.
