Research Shows Way for Compromising Telegram and WhatsApp User-Accounts
Telegram and WhatsApp happen to be 2 instant messaging (IM) applications which support over 1bn people having accounts on them. The applications provide convenient messaging, encrypted communications along with several other facilities which are apparently unknown. However, an image injected with malware may sufficiently enable for breaking into the web-accounts of anyone on Telegram or WhatsApp.
The hack would require just some seconds by when the attacker wholly controls the A/Cs and accesses audio and video files, images along with all contacts. Further, the encryption feature does much to assist in the kind of hack.
Security Company Check Point, while testing WhatsApp managed creating a malevolent graphic which though looked nothing unusual in preview, however, took end-users onto one HTML page that harbored malware. Soon as that page was loaded it regained the entire data saved locally, letting the attacker to well compromise his victim's A/C.
And through the simple act of dispatching one innocuous-appearing image, the attacker acquires hold of the account, gains admission into message history along with every photo which the victim user shared, while may also dispatch messages in the victim's name. Theverge.com posted this, March 15, 2017.
Attackers as above effectively used the security flaw on WhatsApp and Telegram applications' desktop versions, therefore, users without the two on their PCs remained safe.
In WhatsApp's instance, the vulnerability becomes ineffective for mass surveillance or botnets with the end-user purposely viewing the sent graphic. The flaw was even hard for using on Telegram, whereby the end-user required playing the video followed with opening it inside certain distinct Chrome tab.
Interestingly, the two applications' whole encryption facility would've enabled attackers abuse the flaw. As contents in chat messaging application get encrypted end-to-end, the implication is that both Telegram and WhatsApp couldn't notice the malware concealed inside any shared malevolent graphic. That further implies the 2 companies wouldn't at all review the content thereby letting malware circulate among end-users. The service used for distributing malware/virus attacks makes it even harder to scan the malicious wares.
Henceforth, there'll be validation of content before encryption that would stop flow of malware-laden files, explains Check Point.
» SPAMfighter News - 21-03-2017