WIRED : Malicious uploads allowed hijacking of WhatsApp and Telegram accounts

Check Point's Vanunu and Kobeissi both argue that the WhatsApp vulnerability Check Point found represents a rare and uniquely serious flaw. "That's why these vulnerabilities work, and why they highlight a particular weakness in web apps," Kobeissi says. Special CasesThat doesn't mean that web-based bugs like the one Check Point discovered are an everyday occurrence. The browser will run whatever you give it."It's a form of attack to which web apps are particularly vulnerable, argues Kobeissi. But he concedes that Check Point's findings are a strong example of why those web apps are prone to forms of attack that mobile apps aren't.

WhatsApp and Telegram Vulnerability Should Warn Wary Encrypted Chat Users Off the Web

When WhatsApp switched on end-to-end encryption for its billion-plus users last year, the move heralded a new era for messaging apps, one where foiling virtually all eavesdropping represents the new security standard.But a pair of new attacks on the web versions of those "secure" messengers shows how just a few lines of insecure code can undermine even the most airtight encryption—particularly when they're running in your browser.On Wednesday, Israeli security firm Check Point revealed a new technique that the company says could bypass WhatsApp's end-to-end encryption, by hiding HTML code in a seemingly innocuous image.


One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications.While this has yet to be proven, many end-users are concerned as WhatsApp and Telegram use end-to-end encryption to guarantee user privacy.This encryption is designed to ensure that only the people communicating can read the messages and nobody else in between.


read more visit us whatsapp