A vulnerability has been discovered in WhatsApp Web. This vulnerability, if exploited, would allow attackers to completely take over users’ accounts on any browser, and access victims’ personal and group conversations, photos, videos and other shared files, contact lists, and more. This means that attackers could potentially download photos and or post them online, send messages on the victim’s behalf, demand ransom, and even take over the victim’s friends’ accounts.

The exploitation of this vulnerability starts with the attacker sending an innocent looking file to the victim, which contains malicious code. The file can be modified to contain attractive content and raise the chances a user will open it. Once the user clicks to open it, the malicious file allows the attacker to access WhatsApp’s local storage, where user data is stored. From that point, the attacker can gain full access to the user’s account and account data. The attacker can then send the malicious file to the all victim’s contacts, opening a dangerous door to a potentially widespread attack over the WhatsApp network.

Link to blog: http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/

Link to tech details: http://blog.checkpoint.com/wp-content/uploads/2017/03/Technical-Details.docx

source