SAN CARLOS, Calif., March 15, 2017 -- Check Point® Software Technologies Ltd. (NASDAQ:CHKP) researchers today revealed a new vulnerability on WhatsApp & Telegram’s online platforms – WhatsApp Web & Telegram Web – two of the world’s most popular messaging services. By exploiting this vulnerability, attackers could completely take over user accounts, and access victims’ personal and group conversations, photos, videos and other shared files, contact lists, and more.
“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” says Oded Vanunu, head of product vulnerability research at Check Point. “By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.”
The vulnerability allows an attacker to send the victim malicious code, hidden within an innocent looking image. As soon as the user clicks on the image, the attacker can gain full access to the victim’s WhatsApp or Telegram storage data, thus giving full access to the victim’s account. The attacker can then send the malicious file to all the victim’s contacts, potentially enabling a widespread attack.
Check Point disclosed this information to the WhatsApp and Telegram security teams on March 8, 2017. WhatsApp and Telegram acknowledged the security issue and developed fixes for worldwide web clients. “Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,” said Oded Vanunu. WhatsApp and Telegram web users wishing to ensure that they are using the latest version are advised to restart their browser.
WhatsApp and Telegram use end-to-end message encryption as a data security measure, to ensure that only the people communicating can read the messages, and nobody in between. Yet, the same end-to-end encryption was also the source of this vulnerability. Since messages were encrypted on the side of the sender, WhatsApp and Telegram were blind to the content, and were therefore unable to prevent malicious content from being sent. After fixing this vulnerability, content will now be validated before the encryption, allowing malicious files to be blocked.
Both web versions mirror all messages sent and received by the user on the mobile app, and are fully synced with users’ devices.
WhatsApp has over 1 billion users worldwide, making it the most prevalent instant messaging service available today. The company’s web version is available on all browsers and WhatsApp supported platforms, including Android, iPhone (iOS), Windows Phone 8.x, BlackBerry, BB10 and Nokia smartphones.
Telegram is a cloud-based mobile and desktop messaging app that has over 100 million monthly active users, delivering over 15 billion messages daily.
For technical details you can check the Check Point blog: http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/
Demo videos can be found here:
- WhatsApp: https://youtu.be/UR_i5XSAKrg
- Telegram: https://youtu.be/26Ih4xTcP-E
Follow Check Point via:
Twitter: http://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
Blog: http://blog.checkpoint.com
YouTube: http://www.youtube.com/user/CPGlobal
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is the largest network cyber security vendor globally, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises – from networks to mobile devices – in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes.
INVESTOR CONTACT: Kip E. Meintzer, Check Point Software Technologies, +1.650.628.2040
MEDIA CONTACT: Ali Donzanti, Check Point Software Technologies, Tel: +1.650.628.2030





