Cyber security firm Check Point Security disclosed a new method of reliably hijacking WhatsApp and Telegram accounts using malware disguised as an image file. The attack exploits the way both WhatsApp and Telegram process images, GIFs, and other multimedia files: attackers can send attachments that look like ordinary multimedia files but redirect users to an HTML page that's filled with malware. After a user clicks on the attachment in WhatsApp or Telegram and the page loads, it retrieves all of the locally stored data on their device, which can allow attackers to take control of their account. In other words, a single photo allows hackers to do anything from retrieving someone's message and multimedia history to stealing other data that can be used to identify them.
While alarming, the method still requires users to carelessly open a file, meaning it can hardly be employed for the purposes of quickly creating botnets or conducting mass surveillance, though it’s still extremely effective as a tool for targeted attacks on individual WhatsApp and Telegram accounts. Check Point Security notified both Telegram and WhatsApp about the vulnerability earlier this month and the companies have patched their apps in the meantime. Neither WhatsApp nor Telegram specifically announced that they’ve patched the issue, but the latest versions of their products cannot be compromised in the way outlined above. The patch was distributed as a server-side update, meaning that all users of WhatsApp and Telegram are safe even if they haven’t updated their apps from the Google Play Store in a while.
Some cyber security experts say that this vulnerability may have existed because end-to-end encryption prevents both WhatsApp and Telegram from reading the contents of the messages their users exchange. Because they had no method for intercepting messages, scanning them for malicious code was extremely challenging, especially since they didn't know what they were looking for. Refer to the gallery below to see some images depicting how Check Point Security's attack looks in practice.