Over the past few weeks we’ve seen smartphones become the target of various hacks and security variabilities, today we have another one.
On Wednesday, researchers at Check Point Security announced the existence of a new attack against WhatsApp and Telegram. The hack targets the way the developers of both applications instructed their apps to read image files, causing a malware-infused image to open the doors of your smartphone to hackers.
According to the Oded Vanunu, head of product vulnerability research at Check Point, the hack allowed malicious users to gain access to a device “by simply sending an innocent-looking photo.”
“An attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user,” he said.
While the attack was relatively easy to execute, it isn’t a seamless. For the hack to work, the target had to open the image, which led to a website where the hacker could gather cached data from the user’s smartphone.
On Telegram, the exploit was even harder to execute because it required the target to use Google Chrome, as well as open the file in a browser tab other than the one they were currently on.
The venerability was reported to both companies on March 8th and has since been fixed.
The key lesson here is do not open files, or even messages, for that matter, from people you don’t know.