Check Point researchers today revealed Vulnerability-related.DiscoverVulnerability a new vulnerability on WhatsApp and Telegram ’ s online platforms – WhatsApp Web & Telegram Web . By exploiting this vulnerability , attackers could completely take over user accounts , and access Attack.Databreach victims ’ personal and group conversations , photos , videos and other shared files , contact lists , and more . The vulnerability allows an attacker to send the victim malicious code , hidden within an innocent looking image . As soon as the user clicks on the image , the attacker can gain full access Attack.Databreach to the victim ’ s WhatsApp or Telegram storage data , thus giving full access to the victim ’ s account . The attacker can then send the malicious file to all the victim ’ s contacts , potentially enabling a widespread attack . Check Point disclosed Vulnerability-related.DiscoverVulnerability this information to the WhatsApp and Telegram security teams on March 8 , 2017 . WhatsApp and Telegram acknowledged Vulnerability-related.DiscoverVulnerability the security issue and developed Vulnerability-related.PatchVulnerability fixes for worldwide web clients . “ Thankfully , WhatsApp and Telegram responded quickly Vulnerability-related.DiscoverVulnerability and responsibly to deploy the mitigation against exploitation of this issue in all web clients , ” said Oded Vanunu , head of product vulnerability research at Check Point . WhatsApp Web users wishing to ensure that they are using the latest version are advised to restart their browser . WhatsApp and Telegram use end-to-end message encryption as a data security measure , to ensure that only the people communicating can read the messages , and nobody in between . Yet , the same end-to-end encryption was also the source of this vulnerability . Since messages were encrypted on the side of the sender , WhatsApp and Telegram were blind to the content , and were therefore unable to prevent malicious content from being sent . After fixing Vulnerability-related.PatchVulnerability this vulnerability , content will now be validated before the encryption , allowing malicious files to be blocked . Both web versions mirror all messages sent and received by the user on the mobile app , and are fully synced with users ’ devices

A flaw in popular messenger apps WhatsApp and Telegram , which could allow hackers to gain access to hundreds of millions of accounts using the very encryption software designed to keep them out , has been discovered Vulnerability-related.DiscoverVulnerability by cyber security firm Check Point . The Israeli multinational said it was concerned about vulnerabilities in the messaging apps , following WikiLeaks ’ ‘ Vault 7 ’ release of more than 8,500 CIA documents . “ One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp , Telegram and other end-to-end encrypted chat applications , ” the company said in a blog post . These online versions mirror all messages sent and received by a user ’ s mobile device , which deploys end-to-end encryption so that only those sending and receiving messages can view the content . Hackers could gain access to a user ’ s account , however , by booby-trapping a digital image with malicious code which would be activated once the image is viewed . The code could then spread like a virus by sending infected messages to a user 's contacts . “ This means that attackers could potentially download your photos and or post them online , send messages on your behalf , demand ransom Attack.Ransom , and even take over your friends ’ accounts , ” they added . Check Point said Vulnerability-related.DiscoverVulnerability it alerted Vulnerability-related.DiscoverVulnerability both companies to the problem last week and waited for the issues to be resolved Vulnerability-related.PatchVulnerability before making it public . Both companies have said they ’ ve since patched the problem . “ Thankfully , WhatsApp and Telegram responded quickly Vulnerability-related.DiscoverVulnerability and responsibly to deploy the mitigation against exploitation of this issue in all web clients , ” Check Point Head of Product Vulnerability Oded Vanunu said . The company has advised , however , that WhatsApp and Telegram web users should restart their browser to ensure they ’ re using the latest versions of the service