• Magazine
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
  • PODCASTS
  • Get Featured
    • INTERVIEWS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
  • Advertise with us
Search
Thursday, February 25, 2021
  • About us
  • Advisory Board
  • Careers
  • Write for CISO MAG
  • Editorial Calendar 2021
  • Login
  • SUBSCRIBE
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG | Cyber Security Magazine
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG  - News and Updates| Cyber Security Magazine
  • Magazine
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
    • Research Says Misconfiguration as the Primary Cloud Security Threat

      Dancing with the Elephants

      Insider Threats

      Insiders Threats: The Achilles Heel of Organizations

      DDoS Attacks

      DDoS Attacks Intensify in 2020 — Driven in Part by COVID-19 and 5G

      Cybersecurity is standard business practice for most large companies: Survey

      Rethinking Penetration Test Requirements in Cybersecurity Compliance

      Data breach

      How HR and IT Teams Can Streamline to Reduce Risk and Data Theft

  • PODCASTS
  • Get Featured
    • INTERVIEWS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
  • Advertise with us
Home News This Vulnerability made WhatsApp and Telegram Account Takeover Possible: Check Point
  • News
  • Threats

This Vulnerability made WhatsApp and Telegram Account Takeover Possible: Check Point

Check Point researchers have found a vulnerability that could have led to millions of WhatsApp and Telegram accounts takeover. Fix has been released.

By
CISOMAG
-
February 22, 2021
SHARE
Facebook
Twitter
WhatsApp and Telegram account takeover

Chat service provider WhatsApp and its competitors like Telegram have always maintained that their products provide end-to-end encryption (E2EE). But the recent turn of events around the globe has raised concerns about these claims. There is a widespread possibility that government and law enforcement organizations could be compromising E2E encrypted chat applications for viewing private data. While this is yet to be proven, a similar mechanism has given rise to a new severe vulnerability, which allows attackers to perform WhatsApp and Telegram account takeovers on its web platform.

The vulnerability, if exploited, would have given attackers access to the victims’ personal and group chats, photos, videos, other shared files, contact lists, and much more. In short, it could be a free pass for attackers in your personal space. They could download photos and sensitive data and demand a ransom in exchange for it. Attackers could also use the victims’ identity to further spread the attack and take over their friends’ accounts.

Related News:

WhatsApp vs Signal vs Telegram: Which is More Viable and Secure?

How the Vulnerability Worked

The vulnerability was first discovered by researchers from Check Point. They explained that the exploitation of the vulnerability began when the attacker sent a specially crafted image file to the victim containing a malicious code. The file could be modified to target the victim with a specific image or content that could interest the user in opening the attachment.

whatsapp and telegram account takeover
Image Credit: Check Point

In WhatsApp, the exploitation of the vulnerability starts when the user clicks to open the image. The malicious code gets executed and allows the attacker free access into the victims’ local storage, where the data is stored. In Telegram, however, the user is required to click twice and open a new tab, for the attacker to access local storage. This leads the attacker to gain full access to the user’s account and data. The most dangerous part about this vulnerability is that it could have allowed the attacker to use victims’ contacts and potentially start an account takeover attack affecting both WhatsApp and Telegram.

It is Now Fixed!

Check Point researchers responsibly disclosed the vulnerability to both WhatsApp and Telegram’s security teams on March 7, 2020. Both companies verified and acknowledged the issue before developing a fix for all their web clients. Researchers recommended that WhatsApp and Telegram web users – who want to ensure if they are using the latest version – are advised to update and restart their browser. The fix gets auto-applied.

  • TAGS
  • account takeover
  • Check Point
  • Checkpoint researchers
  • Telegram
  • Telegram account takeover
  • vulnerability
  • vulnerability disclosure
  • vulnerability exploitation
  • WhatsApp
  • WhatsApp account takeover
SHARE
Facebook
Twitter
Previous articleRethinking Penetration Test Requirements in Cybersecurity Compliance
Next articleDDoS Attacks Intensify in 2020 — Driven in Part by COVID-19 and 5G
CISOMAG
https://cisomag.eccouncil.org/

RELATED ARTICLESMORE FROM AUTHOR

Vietnam
News

APT32 Hackers Target Vietnamese Human Rights Defenders in Spyware Attacks

News

IBM Fixes Critical Vulnerabilities in Java Runtime, Planning Analytics Workspace

Ukraine accused Russia for Cyberattacks
News

Russian Networks Accused of Carrying Out Massive Cyberattack on Ukraine



EXCLUSIVE

CISO MAG Market Trends Report on Endpoint Security - 2020, endpoint security market trends, endpoint security 2020, endpoint security, endpoint security report,

CISO MAG Market Trends Report on Endpoint Security – 2020

CISOMAG - January 24, 2021
0
SecTalks

FOLLOW US FOR MORE UPDATES

Latest Issue is Out!

Evolution of Ransomware

Cyber security editorial calendar 2021

Listen to Our Latest Podcast

CYBER SHOTS
Quick, punchy updates on Cyber trends, news and links to free resources. Only via Telegram and Signal. Join the groups now!
Click Here Click Here

MOST POPULAR

Research Finds Increase in Botnet and Exploit Activity in Q2 2020

45% companies don’t have cybersecurity leader: Study

CISOMAG - December 11, 2017
s3 bucket security, Unacademy Suffers a Data Breach

Nearly half of companies have suffered a data breach in the past year: Survey

November 15, 2017
Messaging

Mobile messaging apps new hideout of Dark Web activities: Study

October 27, 2017
Kaspersky

NSA hacking code lifted from a personal computer in U.S.: Kaspersky

October 30, 2017

Instagram data breach! 49 million users’ sensitive data exposed online

May 23, 2019

RECENT POSTS

Research Says Misconfiguration as the Primary Cloud Security Threat

Dancing with the Elephants

February 25, 2021
Vietnam

APT32 Hackers Target Vietnamese Human Rights Defenders in Spyware Attacks

February 24, 2021

IBM Fixes Critical Vulnerabilities in Java Runtime, Planning Analytics Workspace

February 24, 2021
Ukraine accused Russia for Cyberattacks

Russian Networks Accused of Carrying Out Massive Cyberattack on Ukraine

February 24, 2021
Lazarus Hackers North Korea

In Action: Lazarus Group Develops New AppleJeus Malware for Cryptocurrency Theft

February 24, 2021
Cybersecurity News and Updates, Magazine
CISOMAG is the handbook for Chief Information Security Officer (CISO)s, CXOs, and every stakeholder of safe internet.
Contact us: [email protected]

EVEN MORE NEWS

Research Says Misconfiguration as the Primary Cloud Security Threat

Dancing with the Elephants

February 25, 2021
Vietnam

APT32 Hackers Target Vietnamese Human Rights Defenders in Spyware Attacks

February 24, 2021

IBM Fixes Critical Vulnerabilities in Java Runtime, Planning Analytics Workspace

February 24, 2021

POPULAR CATEGORY

  • News1985
  • Threats1139
  • Features337
  • Partnerships212
  • Governance173
  • Startups160
  • Interviews75
  • Terms of Use
  • Privacy Policy
  • Advertise with us
  • Contact Us
  • MASTERCLASS
© CISOMAG 2020
MORE STORIES
Research Says Misconfiguration as the Primary Cloud Security Threat
Features

Dancing with the Elephants

CISOMAG - February 25, 2021
0
Undoubtedly, the year 2020 has been an inflection point for propelling increasingly more data to the cloud for superior management, predictive analysis, and secure...
Edit with Live CSS
Save
Write CSS OR LESS and hit save. CTRL + SPACE for auto-complete.