This Vulnerability made WhatsApp and Telegram Account Takeover Possible: Check Point

Check Point researchers have found a vulnerability that could have led to the takeover of millions of WhatsApp and Telegram accounts. A fix has been released.

By CISOMAG, February 22, 2021

Chat service provider WhatsApp and competitors like Telegram have always maintained that their products provide end-to-end encryption (E2EE). But the recent turn of events around the globe has raised concerns about these claims. There is a widespread possibility that government and law enforcement organizations could be compromising E2E encrypted chat applications to view private data. While this is yet to be proven, a similar mechanism has given rise to a severe new vulnerability, which allows attackers to perform WhatsApp and Telegram account takeovers on their web platforms.

The vulnerability, if exploited, would have given attackers access to the victims’ personal and group chats, photos, videos, other shared files, contact lists, and much more. In short, it could be a free pass for attackers into your personal space. They could download photos and sensitive data and demand a ransom in exchange for them. Attackers could also use the victims’ identity to further spread the attack and take over their friends’ accounts.


How the Vulnerability Worked

The vulnerability was first discovered by researchers from Check Point. They explained that exploitation began when the attacker sent the victim a specially crafted image file containing malicious code. The file could be modified to target the victim with a specific image or content that could interest the user in opening the attachment.


In WhatsApp, exploitation of the vulnerability starts when the user clicks to open the image. The malicious code is executed and gives the attacker free access to the victim’s local storage, where the data is stored. In Telegram, however, the user is required to click twice and open a new tab for the attacker to access local storage. This gives the attacker full access to the user’s account and data. The most dangerous part of this vulnerability is that it could have allowed the attacker to use victims’ contacts and potentially start an account takeover attack affecting both WhatsApp and Telegram.
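The following is an added example, not code from Check Point, WhatsApp or Telegram. The article says only that a crafted image file carried malicious code, so the example assumes the generic defence for that class of flaw: before a web client opens a file declared as an image, confirm that its first bytes are a real image signature and match the declared type. The function names and the allowlist are hypothetical.

```javascript
// Added example: verify that a file declared as an image really is one
// before a web client renders or opens it. All names are hypothetical.

// Leading byte signatures for the raster formats this client accepts.
const SIGNATURES = [
  { mime: "image/png",  bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: "image/jpeg", bytes: [0xff, 0xd8, 0xff] },
  { mime: "image/gif",  bytes: [0x47, 0x49, 0x46, 0x38] }, // "GIF8"
];

// Return the MIME type implied by the file's first bytes, or null.
function sniffImageType(data) {
  for (const sig of SIGNATURES) {
    if (data.length >= sig.bytes.length &&
        sig.bytes.every((b, i) => data[i] === b)) {
      return sig.mime;
    }
  }
  return null;
}

// Accept only when the declared type is allowlisted AND matches the content.
function checkUpload(declaredMime, data) {
  const declared = String(declaredMime).split(";")[0].trim().toLowerCase();
  if (!SIGNATURES.some((s) => s.mime === declared)) {
    return { ok: false, reason: "declared type not allowlisted" };
  }
  const sniffed = sniffImageType(data);
  if (sniffed === null) {
    return { ok: false, reason: "content is not a recognised image" };
  }
  if (sniffed !== declared) {
    return { ok: false, reason: "declared type does not match content" };
  }
  return { ok: true, reason: "content matches declared type" };
}

// Constructed sample inputs (not taken from the article).
const pngHeader = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
const markup = new TextEncoder().encode("<!DOCTYPE html><html><body>placeholder</body></html>");

console.log(checkUpload("image/png", pngHeader));  // real PNG header
console.log(checkUpload("image/png", markup));     // markup labelled as PNG
console.log(checkUpload("image/svg+xml", markup)); // script-capable type
console.log(checkUpload("image/jpeg", pngHeader)); // label and content differ
```

A signature check only establishes what the file starts with, so it is normally paired with serving the file under the verified `Content-Type` together with `X-Content-Type-Options: nosniff`.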

It is Now Fixed!

Check Point researchers responsibly disclosed the vulnerability to both WhatsApp and Telegram’s security teams on March 7, 2020. Both companies verified and acknowledged the issue before developing a fix for all their web clients. Researchers advised WhatsApp and Telegram web users who want to ensure they are using the latest version to update and restart their browser. The fix is applied automatically.
