• Magazine
    • FEBRUARY 2022
    • JANUARY 2022
    • CISO MAG – Archives
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
    • Careers
    • Explainers
    • Market Trends Report
    • One Quick Question
    • Trends and Predictions
  • PODCASTS
  • Get Featured
    • READING ROOM
    • INTERVIEWS
    • WHITEPAPERS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • GLOBAL BLOCKCHAIN IMPACT
      • SECURITY INTELLIGENCE REPORT
      • CLOUD FORENSICS
      • DIGITAL FORENSICS
      • CYBERSECURITY HIRING
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • VIDEO INTERVIEWS
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
Search
Sunday, March 26, 2023
  • About us
  • Advisory Board
  • Careers
  • Write for CISO MAG
  • Editorial Calendar
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG | Cyber Security Magazine
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG  - News and Updates| Cyber Security Magazine
  • Magazine
    • FEBRUARY 2022
    • JANUARY 2022
    • CISO MAG – Archives
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
    • free-online-cybersecurity-courses-certifications
      Embark on a Cybersecurity Career with the Top Three Free Online Cybersecurity Courses
      PSTI IoT Bill, Common IoT Attacks
      3 Common IoT Attacks that Compromise Security
      Steganography attack
      How to Prevent Steganography Attacks
      Brainjacking
      How Brainjacking Became a New Cybersecurity Risk in Health Care
      Malicious QR Codes
      How Cybercriminals Exploit QR Codes to Their Advantage
      AllCareersExplainersMarket Trends ReportOne Quick QuestionTrends and Predictions
  • PODCASTS
  • Get Featured
    • READING ROOM
    • INTERVIEWS
    • WHITEPAPERS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • GLOBAL BLOCKCHAIN IMPACT
      • SECURITY INTELLIGENCE REPORT
      • CLOUD FORENSICS
      • DIGITAL FORENSICS
      • CYBERSECURITY HIRING
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • VIDEO INTERVIEWS
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
Home News This Vulnerability made WhatsApp and Telegram Account Takeover Possible: Check Point
  • News
  • Threats

This Vulnerability made WhatsApp and Telegram Account Takeover Possible: Check Point

Check Point researchers have found a vulnerability that could have led to millions of WhatsApp and Telegram accounts takeover. Fix has been released.

By
CISOMAG
-
February 22, 2021
Facebook
Twitter
Pinterest
WhatsApp
    FMWhatsapp

    Chat service provider WhatsApp and its competitors like Telegram have always maintained that their products provide end-to-end encryption (E2EE). But the recent turn of events around the globe has raised concerns about these claims. There is a widespread possibility that government and law enforcement organizations could be compromising E2E encrypted chat applications for viewing private data. While this is yet to be proven, a similar mechanism has given rise to a new severe vulnerability, which allows attackers to perform WhatsApp and Telegram account takeovers on its web platform.

    The vulnerability, if exploited, would have given attackers access to the victims’ personal and group chats, photos, videos, other shared files, contact lists, and much more. In short, it could be a free pass for attackers in your personal space. They could download photos and sensitive data and demand a ransom in exchange for it. Attackers could also use the victims’ identity to further spread the attack and take over their friends’ accounts.

    Related News:

    WhatsApp vs Signal vs Telegram: Which is More Viable and Secure?

    How the Vulnerability Worked

    The vulnerability was first discovered by researchers from Check Point. They explained that the exploitation of the vulnerability began when the attacker sent a specially crafted image file to the victim containing a malicious code. The file could be modified to target the victim with a specific image or content that could interest the user in opening the attachment.

    whatsapp and telegram account takeover
    Image Credit: Check Point

    In WhatsApp, the exploitation of the vulnerability starts when the user clicks to open the image. The malicious code gets executed and allows the attacker free access into the victims’ local storage, where the data is stored. In Telegram, however, the user is required to click twice and open a new tab, for the attacker to access local storage. This leads the attacker to gain full access to the user’s account and data. The most dangerous part about this vulnerability is that it could have allowed the attacker to use victims’ contacts and potentially start an account takeover attack affecting both WhatsApp and Telegram.

    It is Now Fixed!

    Check Point researchers responsibly disclosed the vulnerability to both WhatsApp and Telegram’s security teams on March 7, 2020. Both companies verified and acknowledged the issue before developing a fix for all their web clients. Researchers recommended that WhatsApp and Telegram web users – who want to ensure if they are using the latest version – are advised to update and restart their browser. The fix gets auto-applied.

    • TAGS
    • account takeover
    • Check Point
    • Checkpoint researchers
    • Telegram
    • Telegram account takeover
    • vulnerability
    • vulnerability disclosure
    • vulnerability exploitation
    • WhatsApp
    • WhatsApp account takeover
    Facebook
    Twitter
    Pinterest
    WhatsApp
      Previous articleRethinking Penetration Test Requirements in Cybersecurity Compliance
      Next articleDDoS Attacks Intensify in 2020 — Driven in Part by COVID-19 and 5G
      CISOMAG
      https://cisomag.com/

      RELATED ARTICLESMORE FROM AUTHOR

      PSTI IoT Bill, Common IoT Attacks
      Features

      3 Common IoT Attacks that Compromise Security

      SIM Swapping
      News

      FBI Issues a Lookout for SIM Swapping Attacks

      remote work, Remote workforce security
      News

      How Remote Work Increase Digital Anxiety



      Latest Issue is Out!


      FOLLOW US FOR MORE UPDATES


      CYBER SHOTS
      Quick, punchy updates on Cyber trends, news and links to free resources. Only via Telegram and Signal. Join the groups now!
      Click Here Click Here

      MOST POPULAR

      Research Finds Increase in Botnet and Exploit Activity in Q2 2020

      45% companies don’t have cybersecurity leader: Study

      CISOMAG - December 11, 2017
      DEO data breach

      Nearly half of companies have suffered a data breach in the past year: Survey

      November 15, 2017
      Messaging

      Mobile messaging apps new hideout of Dark Web activities: Study

      October 27, 2017
      Kaspersky

      NSA hacking code lifted from a personal computer in U.S.: Kaspersky

      October 30, 2017

      Instagram data breach! 49 million users’ sensitive data exposed online

      May 23, 2019

      RECENT POSTS

      free-online-cybersecurity-courses-certifications

      Embark on a Cybersecurity Career with the Top Three Free Online...

      October 31, 2022
      PSTI IoT Bill, Common IoT Attacks

      3 Common IoT Attacks that Compromise Security

      February 23, 2022
      Steganography attack

      How to Prevent Steganography Attacks

      February 22, 2022
      Brainjacking

      How Brainjacking Became a New Cybersecurity Risk in Health Care

      February 21, 2022
      Malicious QR Codes

      How Cybercriminals Exploit QR Codes to Their Advantage

      February 20, 2022
      Cybersecurity News and Updates, Magazine
      CISOMAG is the handbook for Chief Information Security Officer (CISO)s, CXOs, and every stakeholder of safe internet.
      Contact us: [email protected]

      EVEN MORE NEWS

      free-online-cybersecurity-courses-certifications

      Embark on a Cybersecurity Career with the Top Three Free Online...

      October 31, 2022
      PSTI IoT Bill, Common IoT Attacks

      3 Common IoT Attacks that Compromise Security

      February 23, 2022
      Steganography attack

      How to Prevent Steganography Attacks

      February 22, 2022

      POPULAR CATEGORY

      • News2554
      • Threats1657
      • Features595
      • Partnerships215
      • Governance191
      • Startups161
      • Interviews121
      • Terms of Use
      • Privacy Policy
      • Advertise with us
      • Contact Us
      • MASTERCLASS
      © CISOMAG 2020
      We Care
      Ensuring that you get the best experience is our only purpose for using cookies. If you wish to continue, please accept. You are welcome to provide a controlled consent by visiting the cookie settings. For any further queries or information, please see our privacy policy.
      Do not sell my personal information.
      Cookie SettingsAccept
      Manage consent

      Privacy Overview

      This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
      Necessary
      Always Enabled
      Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
      CookieDurationDescription
      cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
      cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
      cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
      cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
      cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
      viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
      Functional
      Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
      Performance
      Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
      Analytics
      Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
      Advertisement
      Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
      Others
      Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
      SAVE & ACCEPT
      MORE STORIES
      free-online-cybersecurity-courses-certifications
      Features

      Embark on a Cybersecurity Career with the Top Three Free Online...

      CISOMAG - October 31, 2022 0
      Free online cybersecurity courses are a great place to start your learning journey if you’re considering a career in this field. Enrolling in a...