WhatsApp flaw let hackers hijack accounts with image trick

Cyber criminals could hijack users’ WhatsApp and Telegram accounts by sending specially-crafted malicious images, according to security experts.

Researchers from Check Point found a flaw in the way the messaging apps’ web versions process images that could allow attackers to trick victims into clicking links.

By sending what appears to be an innocuous photo, cyber criminals could fool users into opening HTML pages containing malware and hijack their accounts.

“This vulnerability, if exploited, would have allowed attackers to completely take over users’ accounts on any browser, and access victims’ personal and group conversations, photos, videos and other shared files, contact lists and more,” wrote Check Point’s researchers in a blog post explaining the attack.

“This means that attackers could potentially download your photos and or post them online, send messages on your behalf, demand ransom and even take over your friends’ accounts.”

For the attack to work in WhatsApp, a user just had to open the malicious image, while in Telegram they had to open a video in a separate Chrome tab.

“Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent,” the researchers said.

The security firm reported the flaw to the teams behind the apps on March 7th and they have since changed their file validation processes.
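
The validate-before-encrypt ordering the researchers describe, as an added example that is not from Check Point, WhatsApp or Telegram (the article does not detail their actual fix): the sender checks a file's leading bytes against an allow-list of image signatures and only then passes it to encryption. The names `validateAttachment`, `sendAttachment`, the `encrypt` callback and the sample bytes are assumptions made up for illustration.

```javascript
// Allow-list of image types, identified by leading "magic" bytes rather than
// by the file name or the MIME type the sender claims.
const SIGNATURES = [
  { mime: 'image/jpeg', magic: [0xff, 0xd8, 0xff] },
  { mime: 'image/png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/gif', magic: [0x47, 0x49, 0x46, 0x38] },
];

// Return the MIME type the content really has, or null if it matches none.
function sniffMime(bytes) {
  const hit = SIGNATURES.find((s) => s.magic.every((b, i) => bytes[i] === b));
  return hit ? hit.mime : null;
}

// Reject anything that is not an allowed image or that contradicts its label.
function validateAttachment(declaredMime, bytes) {
  const actual = sniffMime(bytes);
  if (actual === null) {
    return { ok: false, reason: 'content matches no allowed image signature' };
  }
  if (actual !== declaredMime) {
    return { ok: false, reason: `declared ${declaredMime} but content is ${actual}` };
  }
  return { ok: true, mime: actual };
}

// Validation runs first; encrypt() (hypothetical callback) is only reached
// for content that passed, because afterwards the server cannot inspect it.
function sendAttachment(declaredMime, bytes, encrypt) {
  const verdict = validateAttachment(declaredMime, bytes);
  if (!verdict.ok) return { sent: false, reason: verdict.reason };
  return { sent: true, mime: verdict.mime, ciphertext: encrypt(bytes) };
}

// Constructed sample inputs: an HTML page labelled as a photo, and a PNG header.
const SAMPLE_HTML = new TextEncoder().encode('<html><body>constructed sample</body></html>');
const SAMPLE_PNG = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
// Stand-in for real encryption so the example runs offline.
const demoEncrypt = (bytes) => Uint8Array.from(bytes, (b) => b ^ 0x5a);

console.log(sendAttachment('image/jpeg', SAMPLE_HTML, demoEncrypt));
console.log(sendAttachment('image/png', SAMPLE_PNG, demoEncrypt).sent);
```
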

“Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,” said Check Point’s Oded Vanunu, adding that users should ensure they are using the most recent versions of the messaging services’ web apps.

Copyright Lyonsdown Limited 2021
