check point has discovered a vulnerability that allows attackers to take complete control over the messaging services WhatsApp and telegram accounts within a few seconds. However, only the Web version running in the browser applications, but not the mobile apps is affected. Both companies have now eliminated the vulnerability.
unauthorized could a entry in the check-point blog according to chat spy out and manipulate, access the contact list and retrieve any content such as pictures, videos and audios. The vulnerability allowed exploit with any browser.
an attacker had to send his victim is a malicious file. When clicking on the file the browser from malicious code therein contained WhatsApp, allowing the attacker access to all locally stored data of the browser application was. To compromise the browser client by telegram, you had to also open the file in a new tab.
it was then possible to send the dangerous file on all of the user’s contacts. A cracked account would have thus served as a starting point for more attacks and led to a rapid dissemination, if only among users of browser versions by WhatsApp and telegram.
according to the researchers, the end to end encryption used by WhatsApp and telegram to that long time has remained undetected error led. “Because messages are encrypted by the sender, WhatsApp and telegram were blind to the contents and thus not in a position to prevent the shipment of dangerous content”, so the researchers.
to prevent similar attacks, WhatsApp and telegram check content prior to the encryption on any malicious code in the future. Nevertheless the security researcher Kenneth White, Co-Director of the open crypto discourages, audit project (OCAP) browser-based secure messaging apps use. The vulnerability discovered by check point is a perfect example of that browser weakened the security of such messaging applications like WhatsApp and telegram.
check point reported the bug on March 7. WhatsApp and telegram patchten their Web applications for only a short time later. Because users do not have this update will be informed that they should restart their browser to make sure that you use the latest version of the Web client.
telegram charges, however on his blog serious accusations against checkpoint. The company did not properly represented the vulnerability. The telegram client is only vulnerable if a user first launch the video used by check point for the attack and then with a right mouse click on the existing video in addition launch in a new browser tab. Also working the error in telegram – in contrast to WhatsApp – only in the browser . So only users were concerned, had carried out “the strange trick”. “If you, have all done, never such a thing as we, you are not affected,” writes telegram. DISPLAY
has become the networking of vehicles over the last 20 years to a medium for general safety messages and traffic management. But nowadays cars are equipped with new sensors to achieve even better networked and safer driving.
[withmaterialbyTomJowitt Silicon.co.uk ]
tip : what do you know about mobile apps? Check your knowledge – with 15 questions on silicon.de.