Click to Skip Ad
Closing in...

Hackers can own any WhatsApp account with one malicious meme

WhatsApp and Telegram Image Hack

WhatsApp and Telegram are two instant messaging apps that have more than a billion users between them. They offer encrypted communications, convenient messaging, and a bunch of other features that don’t get the headlines. But new research reveals that a malware-injected image would have been enough to steal someone’s WhatsApp or Telegram web accounts. It’d take only a few seconds after which the attacker would gain complete control over accounts, including access to images, video, audio files, and contacts. And encryption would actually help with this sort of hack.

The vulnerability worked on the desktop versions of the apps, so if you’re not using WhatsApp or Telegram on your computer, then you were already safe.

Security researchers found that malicious code can be hidden inside an image. When clicked, the picture file executes the code, and the attacker gets full access to the WhatsApp and/or Telegram storage data. The attacker could then send the file to all of the victim’s contacts, spreading the malware to other targets.

Discovered by Check Point, the vulnerability was shared with WhatsApp and Telegram on March 8th, and both companies have already deployed fixes for their desktop clients.

Interestingly, it’s the end-to-end encryption feature of these apps that would have helped hackers take advantage of the flaw. Because the contents of chats are end-to-end encrypted, it means that neither WhatsApp nor Telegram could see the malware hidden in a shared malicious image. That means both companies would be blind to the content, allowing malicious code to be passed back and forth between users.

Henceforward, content will be validated before the encryption, Check Point explains, which would block malicious files.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.