WhatsApp and Telegram’s online platforms had a bug that allowed hackers to take full control of anyone’s account by sending a simple image to a user.
Check Point Software researchers revealed in a blog post yesterday that if hackers had exploited the hack, they would have been in control of all the victims’ conversations, photos, files and contact lists.
“This means that attackers could potentially download your photos and or post them online, send messages on your behalf, demand ransom, and even take over your friends’ accounts,” the blog reads.
According to Check Point, the source of the issue was the end-to-end encryption the platforms use to ensure chat privacy.
All hackers had to do was send an innocent-looking image that hid malicious coding to a user. Once the user opened the image, their accounts were compromised.
Both WhatsApp and Telegram users were left vulnerable to an exploit that could allow hackers to take over accounts
And because WhatsApp and Telegram aren’t able to view private chats, the companies were oblivious to the issue until Check Point disclosed it.
The information was disclosed on 7 March, and, according to Check Point, the companies worked quickly to fix the bug.
“Both companies have verified and acknowledged the security issue and developed a fix for web clients worldwide soon after,” it writes. “WhatsApp and Telegram web users wishing to ensure that they are using the latest version are advised to restart their browser.”
This is the second time the company has revealed a vulnerability to WhatsApp.
“In September 2015, we revealed another vulnerability in WhatsApp Web, which allowed hackers to send users a seemingly innocent vCard containing malicious code,” the blog reads.
Featured image: Hernán Piñera via Flickr (CC 2.0, resized)