New Method Of Hijacking WhatsApp, Telegram Accounts Revealed

Cyber security firm Check Point Security disclosed a new method of reliably hijacking WhatsApp and Telegram accounts using malware that was previously disguised as an image file. The attack takes advantage of a method used by both WhatsApp and Telegram to process images, GIFs, and other multimedia files as it allows hackers to send attachments that look like ordinary multimedia files but redirect users to an HTML page that's filled with malware. After a user clicks on the attachment in WhatsApp or Telegram and the page loads, it retrieves all of the locally stored data on their device and can consequently allow attackers to take control of their account. In other words, a single photo allows hackers to do anything from retrieving someone's message and multimedia history to stealing their other data that can be used to identify them.

While alarming, the method still requires users to carelessly open a file, meaning it can hardly be employed for the purposes of quickly creating botnets or conducting mass surveillance, though it's still extremely effective as a tool for targeted attacks on individual WhatsApp and Telegram accounts. Check Point Security notified both Telegram and WhatsApp about the vulnerability earlier this month and the companies have patched their apps in the meantime. Neither WhatsApp nor Telegram specifically announced that they've patched the issue, but the latest versions of their products cannot be compromised in the way outlined above. The patch was distributed as a server-side update, meaning that all users of WhatsApp and Telegram are safe even if they haven't updated their apps from the Google Play Store in a while.

Some cyber security experts say that this vulnerability may have existed due to the fact that neither WhatsApp nor Telegram can read the contents of the messages their users are exchanging due to end-to-end encryption. Due to the fact that they didn't have a method for intercepting messages, scanning them for any malicious code was extremely challenging, especially since they didn't know what they were looking for. Refer to the gallery below to see some images depicting how Check Point Security's attack looks in practice.

You May Like These
More Like This:
About the Author
2018/10/2018-10-23.jpg

Dominik Bosnjak

Head Editor
Dominik started at AndroidHeadlines in 2016 and is the Head Editor of the site today. He’s approaching his first full decade in the media industry, with his background being primarily in technology, gaming, and entertainment. These days, his focus is more on the political side of the tech game, as well as data privacy issues, with him looking at both of those through the prism of Android. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now