
Hackers can own any WhatsApp account with one malicious meme

Published Mar 15th, 2017 4:02PM EDT

WhatsApp and Telegram are two instant messaging apps that have more than a billion users between them. They offer encrypted communications, convenient messaging, and a bunch of other features that don’t get the headlines. But new research reveals that a malware-injected image would have been enough to take over someone’s WhatsApp or Telegram web account. The attack would take only a few seconds, after which the attacker would gain complete control over the account, including access to images, video, audio files, and contacts. And encryption would actually help with this sort of hack.

The vulnerability worked on the desktop versions of the apps, so if you’re not using WhatsApp or Telegram on your computer, then you were already safe.

Security researchers found that malicious code can be hidden inside an image. When clicked, the picture file executes the code, and the attacker gets full access to the WhatsApp and/or Telegram storage data. The attacker could then send the file to all of the victim’s contacts, spreading the malware to other targets.

Discovered by Check Point, the vulnerability was shared with WhatsApp and Telegram on March 8th, and both companies have already deployed fixes for their desktop clients.

Interestingly, it’s the end-to-end encryption feature of these apps that would have helped hackers take advantage of the flaw. Because the contents of chats are end-to-end encrypted, neither WhatsApp nor Telegram could see the malware hidden in a shared malicious image. Both companies would be blind to the content, allowing malicious code to be passed back and forth between users.

Going forward, content will be validated before it is encrypted, Check Point explains, which would block malicious files.
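
As an added illustration of validating content before encryption (this is not code from WhatsApp, Telegram, or Check Point), the sketch below shows a sender-side check that a file declared as an image really starts with that image format's signature. It assumes that "validation" means comparing the plaintext bytes against the declared type; the function names and sample inputs are hypothetical.

```javascript
// Added example: a sender-side gate run on the plaintext, before encryption,
// because the server only ever sees ciphertext and cannot inspect the file.

// Well-known leading bytes ("magic numbers") for the accepted image types.
const SIGNATURES = [
  { mime: "image/png",  bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: "image/jpeg", bytes: [0xff, 0xd8, 0xff] },
  { mime: "image/gif",  bytes: [0x47, 0x49, 0x46, 0x38] }, // "GIF8"
];

// Return the image MIME type implied by the leading bytes, or null.
function sniffImageType(data) {
  for (const sig of SIGNATURES) {
    if (data.length >= sig.bytes.length &&
        sig.bytes.every((b, i) => data[i] === b)) {
      return sig.mime;
    }
  }
  return null;
}

// Hypothetical gate: reject anything whose bytes do not match the type the
// sender claims, so the claimed type can never disagree with the content.
function validateBeforeEncrypt(declaredMime, data) {
  const actual = sniffImageType(data);
  if (actual === null) {
    return { ok: false, reason: "content is not a recognised image" };
  }
  if (actual !== declaredMime) {
    return { ok: false, reason: `declared ${declaredMime}, content is ${actual}` };
  }
  return { ok: true, mime: actual };
}

// Constructed sample inputs (headers only, not real files).
const PNG_SAMPLE = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0]);
const JPEG_SAMPLE = Uint8Array.from([0xff, 0xd8, 0xff, 0xe0, 0, 0x10]);
// An HTML document that a sender labels as an image.
const HTML_SAMPLE = new TextEncoder().encode(
  "<html><body>constructed sample, not an image</body></html>");

console.log(validateBeforeEncrypt("image/png", PNG_SAMPLE));  // accepted
console.log(validateBeforeEncrypt("image/png", HTML_SAMPLE)); // rejected
console.log(validateBeforeEncrypt("image/png", JPEG_SAMPLE)); // rejected: mismatch
```

A header check alone does not catch files crafted to be valid in two formats at once, so the receiving client should also handle the file strictly as the sniffed type and never as a type supplied by the sender.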

Chris Smith