How one Pic can hack your WhatsApp and Telegram Accounts

Be Careful while clicking on photographs of a cute cat or chick because due to new vulnerability of WhatsApp your personal data can be leaked in seconds.

A new security vulnerability has recently been patched by two popular end-to-end encrypted messaging services — WhatsApp and Telegram — that could have allowed hackers to completely take over user account just by having a user simply click on a picture.

The Hack only affected the browser based versions of WhatsApp and Telegram, so users relying on apps don't have to be worry about this.

Check Point researchers today revealed about this new vulnerability on WhatsApp and Telegram’s online web platforms. By exploiting this vulnerability, attackers could completely take over user accounts, and access user's personal and group conversations, photos, videos and other shared files, contact lists, and  many more.

Vulnerabilty Impact

The vulnerability allows an attacker to send the malicious code to user, hidden within an innocent looking image. As soon as the user clicks on the image, the attacker can gain full access to the victim’s WhatsApp or Telegram storage data, thus giving full access to the victim’s account. 

The Attacker then can steal all the data stored in WhatsApp such as images, Contact list, Videos, Chats etc.

Disclosure And Patching

Check Point disclosed this information to the WhatsApp and Telegram security teams on March 8, 2017. WhatsApp and Telegram acknowledged the security issue and developed fixes for worldwide web clients.

“Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,” said Oded Vanunu, head of product vulnerability research at Check Point. WhatsApp Web users wishing to ensure that they are using the latest version are advised to restart their browser.

Demo of WhatsApp Account Takeover

Demo of Telegram Account Takeover