Even after providing end-to-end encryption by leading messaging platforms like WhatsApp and Telegram millions of web versions users of both platforms are at risk of being hijacked.
The vulnerability discovered by Israeli computer security firm Check Point. According to Check Point report, hackers can get control over accounts ( WhatsApp and Telegram ) and access personal data using an image.
Personal data includes, contacts and shared files and private messages. Hackers can also send messages on your behalf.
End-to-end encryption was designed to ensure that nobody else can read your conversation in between, but this vulnerability is allowing hackers to take control over your account.
To hack attacker will need to send an innocent looking file to the victim, which contains malicious code. Once the victim clicks to open it, the malicious file allows the attacker to access WhatsApp’s local storage, where user personal data is stored. Boom !
Check Point disclosed this information to WhatsApp’s and Telegram’s security teams on March 7th. Both companies have verified and acknowledged the security issue and developed a fix for web clients worldwide soon after.
Oded Vanunu ( head of product vulnerability at Check Point ) said, Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients.
Here is how it works: