Researchers from Check Point Security have announced a new attack targeting the WhatsApp and Telegram apps. It specifically targets the way the chat services process images and multimedia files. Check Point Security was able to craft a malicious image for WhatsApp that appears to be a normal image but redirects to a malware-infected HTML page, which in turn retrieves all locally stored data and effectively hijacks the user’s account.
It is hard to recognize up front, since the image seems to be a normal photo, but it can access photos and message history and send messages on demand.
Check Point reported its findings to both chat services, which in turn changed the way their file validation works to protect against the vulnerability.
In the case of WhatsApp, the attack works when the user opens the sent image, which makes the exploit impractical for botnets or mass surveillance. With Telegram, however, it is much more difficult, since it requires the user to play the video and then have it opened in a separate Chrome tab.
“We build WhatsApp to keep people and their information secure,” a WhatsApp spokesperson announced. “When Check Point reported the issue, we addressed it within a day and released an update of WhatsApp for web. To ensure that you are using the latest version, please restart your browser.”
The major difference between email and chat services is that WhatsApp and Telegram have no way of reading messages sent between users.
This end-to-end encryption made it a lot more feasible for the malicious image to go unnoticed, and made it more difficult to scan for viruses and malicious attacks sent using the service.
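Because the service cannot inspect end-to-end encrypted content, any check on an attachment has to run on the client before the file is encrypted and sent. The sketch below is an added example, not WhatsApp's or Telegram's code: it compares the declared image type with the file's leading bytes and rejects content that looks like HTML. The function names, the signature table and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: validate an attachment on the client before encryption.
// All names and the signature table are illustrative assumptions.
const SIGNATURES = [
  { mime: 'image/jpeg', magic: [0xff, 0xd8, 0xff] },
  { mime: 'image/png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/gif', magic: [0x47, 0x49, 0x46, 0x38] },
];

// Return the MIME type implied by the leading bytes, or null if unknown.
function sniffType(bytes) {
  for (const { mime, magic } of SIGNATURES) {
    const matches = bytes.length >= magic.length &&
      magic.every((b, i) => bytes[i] === b);
    if (matches) return mime;
  }
  return null;
}

// Heuristic: does the first 512 bytes contain an HTML-style opening tag?
// This also catches files that carry image magic followed by markup.
function looksLikeMarkup(bytes) {
  const head = String.fromCharCode(...bytes.slice(0, 512)).toLowerCase();
  return /<\s*(!doctype|html|script|svg|iframe|body)/.test(head);
}

// Accept only when the content is a known image format, matches the
// declared type, and does not start with markup.
function validateAttachment(declaredMime, bytes) {
  if (looksLikeMarkup(bytes)) return { ok: false, reason: 'markup content' };
  const sniffed = sniffType(bytes);
  if (sniffed === null) return { ok: false, reason: 'unknown format' };
  if (sniffed !== declaredMime) return { ok: false, reason: 'type mismatch' };
  return { ok: true, reason: 'ok' };
}

// Constructed sample inputs (not real captured files).
const samplePng = Uint8Array.from(
  [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d]);
const sampleHtml = new TextEncoder().encode(
  '<!DOCTYPE html><html><body>constructed sample</body></html>');

console.log(validateAttachment('image/png', samplePng));  // accepted
console.log(validateAttachment('image/png', sampleHtml)); // rejected
```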