The experts at Check Point have discovered a method by which it is possible to intercept any account in WhatsApp and Telegram. Method is to encrypt the image link that leads to a site with a special code.
When the victim clicks on it, the HTML page will remove all locally stored data, allowing attackers to “hijack” the account. “Just sending a seemingly innocuous photos, the hacker can take over the account to access the correspondence, all photos and messages sent on behalf of the user,” — said the representative of Check Point’s Oded Vanunu.
According to him, WhatsApp the victim was enough to open the picture to lose access to chats, contacts, and profile. In a Telegram to execute the attack was more difficult: the user was required to launch the video in a separate tab in Chrome.
The experts advised the developers on a breach of security on March 8, after which both services have developed an update that modify the testing protocols downloadable file to correct the problem. The users of WhatsApp and Telegram, which I want to make sure using the latest version, it is recommended to restart the browser.
This is not the first case when hackers use images for hacking. At the end of last year, ESET detected a “malware”, affecting users of popular web sites. As it turned out, the malicious script was encoded in the alpha channel promotional GIF images. Hiding in pixels “sifco”, the virus was able to remain undetected for two years.