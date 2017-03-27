The vulnerability was more hard to exploit on Telegram, requiring a user to open a video in a separate Chrome tab – something one Telegram representative described as “a very unusual user interaction”. “In Telegram, the user should click again to open a new tab, in order for the attacker to access local storage”.

This security firm says hackers were able to access WhatsApp user accounts by sending a photo file containing malicious code inside it.

A recently disclosed vulnerability by Check Point proved that both WhatsApp and Telegram were susceptible to particularly nefarious online attacks. This bug targetted user accounts via innocent-looking images and multimedia files, which appeared normal on the surface but opened malicious HTML links. One is to regularly clean out the computers that are logged into your WhatsApp and Telegram accounts.

According to researchers, the entry point was an attacker’s ability to upload and send malicious code hidden inside HTML files.

It comes after the recent WikiLeaks publication of sensitive United States intelligence data revealed that American spy agencies like the CIA supposedly had the ability to bypass the encryption on WhatsApp, Telegram and Signal.

While alarming, the method still requires users to carelessly open a file, meaning it can hardly be employed for the purposes of quickly creating botnets or conducting mass surveillance, though it’s still extremely effective as a tool for targeted attacks on individual WhatsApp and Telegram accounts.

Peculiarly, it’s the end-to-end encryption highlight of these apps that would have helped hackers exploit the flaw.

WhatsApp has been around for years and is one of the most used messaging apps in the world.

The web-based versions of WhatsApp and Telegram synchronize automatically with the apps installed on users’ phones. When the user receives the message, they are foxed to believe that they are opening an image file.

Patching the vulnerability involved blocking the code before the messages were encrypted. (Who can resist clicking on a hot new meme sent to you by a complete stranger?) Both services have already responded to Check Point’s disclosure.

Both apps use end-to-end encryption to protect their users’ messages from interception. It reported to WhatsApp on 7 March and since then the messaging platform has taken steps to resolve the issue.

The WhatsApp case was more severe by a few degrees of size since it didn’t require any activities from the users aside from being online.