New vulnerability revealed in WhatsApp and Telegram, allowed hackers to gain complete control over user accounts. Image Credit: de Volkskrant
New vulnerability revealed in WhatsApp and Telegram, allowed hackers to gain complete control over user accounts. Image Credit: de Volkskrant

Check Point Software Technologies Ltd researchers have revealed a new vulnerability on WhatsApp & Telegram’s online platforms – WhatsApp Web & Telegram Web – two of the world’s most popular messaging services with over 1 Billion and 100 Million monthly users respectively.

By simply sending a photo, an attacker could gain control over user’s accounts, access message history, all photos that were ever shared, and also send messages on behalf of the user. The vulnerability allows an attacker to send the victim malicious code, hidden within a photo and as soon as the user clicks on the image, the attacker can gain full access to the victim’s WhatsApp or Telegram storage data, thus giving full access to the victim’s account.

“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” Doros Hadjizenonos; Country Manager of Check Point South Africa said in a press statement.

Check Point disclosed this information to the WhatsApp and Telegram security teams earlier this month, and the teams have since acknowledged the security issue and developed fixes for worldwide web clients.

“Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,” Doros said.

WhatsApp and Telegram web users wishing to ensure that they are using the latest version are advised to restart their browser.

Check Point still reported that WhatsApp and Telegram end-to-end message encryption was also the source of this vulnerability, since messages were also encrypted on the side of the sender, making it impossible for the social media platforms to prevent the malicious content from being sent.

However, after fixing this vulnerability, Check Point says content will now be validated before the encryption, allowing malicious files to be blocked.