How Telegram and WhatsApp Were Hacked?

telegram and whatsapp were hacked

People believe in apps like WhatsApp and Telegram because of their end-to-end encryption. But the recent research showed that the hackers were still able to hack into these apps and gain full access of the victim’s account. Let me tell you how Telegram and WhatsApp were hacked with a single image file which resulted in a full account takeover without victim noticing it.

How Telegram and WhatsApp Were Hacked?

“It’s not so easy to hack into the apps like WhatsApp and Telegram as they’re protected with end-to-end encryption.” Is that what you think? Well, it may sound impossible but keep in mind that as long as the human interaction is there, a hacker can hack into it with one way or another.

Also check: Yahoo confirmed 500+ Million Accounts Stolen In 2014

The hacker was able to send a crafted link to a victim containing a image file with a download option which will surely seem interesting and the victim might click on it without noticing anything. Once it has been clicked, the victim’s account will be taken over. This hack was executable in the web versions of WhatsApp and Telegram chat messengers.

telegram and whatsapp were hacked

Source: Checkpoint

The upload mechanism of WhatsApp supports few file types, which includes; PDF, Document files, Audio files, Video files and Image files. A hackers research team was able to inject a malicious HTML code with a realistic and legitimate image file download preview. It was an easy act to fool a victim into clicking on that preview which isn’t actually a image file but a malicious scripted HTML link. When the victim clicks on it, the WhatsApp web client uses the FileReader HTML 5 API call to generate a BLOB URL with the file content which is sent by the attacker and then simply opens that same URL.

How An Attacker Was Able To Hack Into WhatsApp and Telegram Accounts?

Step 1: First, the attacker crafts a malicious HTML file with a preview image.

telegram and whatsapp were hacked

Source: Checkpoint

Step 2: WhatsApp web client stores the allowed document types in a client variable. Then that variable stores the allowed Mime Types used by the application.

Step 3:  Since an encrypted version of the document is sent to WhatsApp servers, it is possible to add new Mime type such as “text/html” to the variable in order to bypass the client restriction and upload a malicious HTML document.

Step 4: Client encrypts the data using encryptE2Media app.

telegram and whatsapp were hacked

Source: Checkpoint

Step 5: Change extension and preview image and you get something which has more chances of being clicked.

Step 6: Once the victim clicks on the link on web.whatsapp.com, he/she will see a BLOB and session will be hijacked. A Javascript allows an attacker to check file after every X seconds for a WhatsApp session hijack.

telegram and whatsapp were hacked

Source: Checkpoint

Step 7: Multiple sessions are not allowed by WhatsApp which is managed by this code as it makes the victim browser stuck giving ample time to the Attacker. While Telegram allows multiple sessions so its not required to write any code nor the victim on Telegram will be notified.

This is how Telegram and WhatsApp were hacked!

Also check: How To Identify If Your Computer Is Hacked?

Conclusion

Now you’re aware that how an attacker can takeover your WhatsApp or Telegram account. The only way to get rid of such attacks is to look carefully before clicking any sort of links. The threat is absolutely severe that will lead to worst consequences. Hopefully, this will be fixed by the technical teams but there is still no guarantee of whether these apps will be safer in future or not.

Share us your feedback below!

The following two tabs change content below.

Farhan Azam

Farhan Azam Memon is a Founder and a brain behind TechloStuff and a student who is about to reach his bachelors level for Computer Science. Farhan have quite a good experience of over 5 years with Blogging, SEO and Internet Marketing.
Share
+1
Tweet
Share
Pin
Stumble