collected by :Molly Tony
as mentioned in Check Point Security Tips While WhatsApp & Telegram have patched this vulnerability, as a general practice we recommend the following preventive measures:Periodically clean logged-in computers from your WhatsApp & Telegram.
Nevertheless, this same mechanism has also been the origin of a new severe vulnerability we have discovered in both messaging services’ online platform – WhatsApp Web and Telegram Web.
In September 2015, we revealed another vulnerability in WhatsApp Web, which allowed hackers to send users a seemingly innocent vCard containing malicious code.
WhatsApp and Telegram web users wishing to ensure that they are using the latest version are advised to restart their browser.
One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications.
Research Shows Way for Compromising Telegram and WhatsApp User-Accounts
as mentioned in Research Shows Way for Compromising Telegram and WhatsApp User-Accounts Telegram and WhatsApp happen to be 2 instant messaging (IM) applications which support over 1bn people having accounts on them.
However, an image injected with malware may sufficiently enable for breaking into the web-accounts of anyone on Telegram or WhatsApp.
Attackers as above effectively used the security flaw on WhatsApp and Telegram applications’ desktop versions, therefore, users without the two on their PCs remained safe.
As contents in chat messaging application get encrypted end-to-end, the implication is that both Telegram and WhatsApp couldn’t notice the malware concealed inside any shared malevolent graphic.
The applications provide convenient messaging, encrypted communications along with several other facilities which are apparently unknown.
WhatsApp: Check point discloses how hackers can take over WhatsApp & Telegram accounts
as mentioned in BENGALURU: Cybersecurity firm Check Point Software Technologies revealed a new vulnerability on popular messaging services WhatsApp & Telegram’s online platforms which allow hackers to take over user accounts and access victim’s’ personal information.The new vulnerability found on WhatsApp Web & Telegram Web allowed hackers to gain control over accounts, including chats, images, video and audio, and contacts.Check Point disclosed this information to the WhatsApp and Telegram security teams on March 8, 2017 and the issue has since been fixed,Check Point said in a press statement.“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” said Oded Vanunu , head of product vulnerability research at Check Point.
After fixing this vulnerability, content will now be validated before the encryption, allowing malicious files to be blocked, the release said.Check Point Software Technologies is an Israel-based cyber security vendor globally, providing solutions and protecting customers from cyberattacks.
“Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,” Vanunu added.Both WhatsApp and Telegram use end-to-end message encryption as a data security measure, to ensure that only the people communicating can read the messages, and nobody in between.
However, it’s the same end-to-end encryption was also the source of this vulnerability, the press release said.Since messages were encrypted on the side of the sender, WhatsApp and Telegram were blind to the content, and were therefore unable to prevent malicious content from being sent.
“By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user”The messaging service WhatsApp has over 1 billion users worldwide, while telegram has over 100 million monthly active users.