Security experts have discovered a vulnerability in WhatsApp that could have allowed hackers to take over “hundreds of millions” of users’ accounts and access everything in them.
The flaw was discovered by Check Point and reported to WhatsApp on 7 March. The company has since taken steps to fix the issue.
It affected WhatsApp’s online platform, WhatsApp Web, which allows users to chat with their friends from a computer instead of their phone.
By sending a target malicious code hidden within an innocent-looking image, hackers could gain access to their WhatsApp storage data and take control of their account. What’s more, from this position they could also carry out the same attack on all of the victim’s contacts.
“The WhatsApp upload file mechanism supports several document types such as Office Documents, PDF, Audio files, Video and images,” explains Check Point. “Each of the supported types can be uploaded and sent to WhatsApp clients as an attachment.
“However, Check Point’s research team has managed to bypass the mechanism’s restrictions by uploading a malicious HTML document with a legitimate preview of an image in order to fool a victim to click on the document in order to take over his account.”
A similar flaw was discovered on rival messaging app Telegram.
“WhatsApp and Telegram use end-to-end message encryption as a data security measure, to ensure that only the people communicating can read the messages, and nobody in between,” said Check Point.
“Yet, the same end-to-end encryption was also the source of this vulnerability. Since messages were encrypted on the side of the sender, WhatsApp and Telegram were blind to the content, and were therefore unable to prevent malicious content from being sent.
“After fixing this vulnerability, content will now be validated before the encryption, allowing malicious files to be blocked.”
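The fix Check Point describes, checking content on the sender's side before it is encrypted, can be sketched as follows. This is an added example, not WhatsApp's or Check Point's code; the signature table, the function names and the `encrypt` callback are assumptions made for illustration.

```javascript
// Allowlist of attachment types and their leading "magic" bytes (illustrative subset).
const SIGNATURES = {
  "image/jpeg": [[0xff, 0xd8, 0xff]],
  "image/png": [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  "image/gif": [[0x47, 0x49, 0x46, 0x38, 0x37, 0x61], [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]],
  "application/pdf": [[0x25, 0x50, 0x44, 0x46, 0x2d]],
};

const startsWith = (bytes, sig) =>
  bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b);

// Heuristic used only to give a clearer rejection reason: markup near the start of the file.
function looksLikeHtml(bytes) {
  const head = String.fromCharCode(...bytes.subarray(0, 512)).toLowerCase();
  return /<\s*(!doctype|html|head|body|script|iframe|svg)\b/.test(head);
}

// Decide from the bytes themselves, never from the file name or the sender-supplied type.
function validateAttachment(bytes, declaredMime) {
  const sigs = SIGNATURES[declaredMime];
  if (!sigs) return { ok: false, reason: "type not on allowlist" };
  if (sigs.some((sig) => startsWith(bytes, sig))) return { ok: true, reason: "ok" };
  return {
    ok: false,
    reason: looksLikeHtml(bytes)
      ? "HTML content declared as " + declaredMime
      : "content does not match " + declaredMime,
  };
}

// Gate in front of encryption: `encrypt` is a caller-supplied function (hypothetical here).
function prepareForSend(bytes, declaredMime, encrypt) {
  const verdict = validateAttachment(bytes, declaredMime);
  if (!verdict.ok) throw new Error("attachment blocked: " + verdict.reason);
  return encrypt(bytes);
}

// Constructed sample inputs: a PNG header and an HTML document.
const toBytes = (s) => Uint8Array.from(s, (c) => c.charCodeAt(0));
const PNG_SAMPLE = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13]);
const HTML_SAMPLE = toBytes("<!DOCTYPE html><html><body>preview</body></html>");

console.log(validateAttachment(PNG_SAMPLE, "image/png"));
console.log(validateAttachment(HTML_SAMPLE, "image/jpeg"));
```

Because the server cannot read end-to-end encrypted content, the receiving client would need to apply the same check after decryption rather than trusting the sender's declared type.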