The Hackr

Vulnerability Allows Hackers to Take Over WhatsApp and Telegram Accounts

Two popular end-to-end encrypted messaging services  WhatsApp and  Telegram have patched their respective web clients against a new security vulnerability.

Researchers from Israeli firm Check Point, have discovered this security issue that allows an attacker to take over user accounts just by having a user simply click on a picture.

One click on the image might hack your account within seconds.

The hack only affected the browser-based versions of WhatsApp and Telegram. So, users relying on the mobile apps are not vulnerable to the attack.

According to Checkpoint security researchers, this vulnerability allows attackers to upload and send malicious code hidden inside HTML files.

Both WhatsApp and Telegram would show a preview image for these links, making users believe they were accessing a video or image.

 

vulnerability attack method

 

Attacker’s Access to Browser’s LocalStorage

When users clicked the links, malicious JavaScript code in HTML files would execute and steal data from user’s browser localStorage.

In layman’s terms, localStorage is a term that describes a local container in the user’s browser where data about a web application is stored.

The type of data usually found in localStorage containers includes user’s friends list, chat history, and past file transfers.

This eventually allowed attackers to take full access to the user’s account on any browser. The attacker can then view and manipulate chat sessions, access victim’s personal and group chats, photos, videos, other shared files.

To make this attack widespread, the attacker can then send the malware-laden image to everyone on the victim’s contact list.

One hijacked account could be led to countless compromises by leapfrogging accounts.

The researchers also provided a video demonstration, given below which shows the attack in action.

 

Why This Vulnerability Went Undetected ?

Both WhatsApp and Telegram use end-to-end encryption for its messages to ensure that nobody, except the sender and the receiver, can read the messages in between.

However, this same end-to-end encryption security measure was also the source of this vulnerability.

WhatsApp and Telegram had no idea that malicious code was being sent to the receiver because of encryption of messages on sender’s side.

“Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent,” the researchers writes in a blog post.

Check Point informed both WhatsApp and Telegram of this flaw last week. WhatsApp fixed the flaw within 24 hours on Thursday, March 8, while Telegram patched the issue on Monday.

The patch was a server-side fix, meaning users don’t have to do anything, instead, they need browser restart.

The fix was an update to the way both services scan transfer files. Both WhatsApp and Telegram now validate the content of file transfers before the encryption process. Now, this fix blocks malicious files from attacking.

 

Guys, share your information about this vulnerability in comment box.

Abhilash

It was a hobby I got into a long time ago, hacking cameras. And I am here making posts @TheHackr today!

Chat With Our Bot ☎️

IntroducingTheHackr Chatbot,now anyone can interact with our messenger bot and get daily crunches about Cyber-Security in just a clicks away!

up