Last week, reports came in from WikiLeaks noting that the CIA has an active team working on iOS malware and vulnerabilities. Much of the news focused on social media and well-known messaging clients that were supposedly already compromised and being spied on by the CIA. After the initial shock subsided, it became clear that the wording on WikiLeaks' part was poor and that the clients were not truly compromised. While this helped ease some of the fear, Check Point's disclosure today shows us that web clients are still not safe.
In a newly released disclosure, Check Point explains how they were able to use a malicious file crafted to look innocuous to completely take over WhatsApp and Telegram user accounts. By faking a MIME type and crafting an HTML file that displays an image preview, attackers could convince users to click on the shared content, allowing their accounts to be completely taken over.
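The root of the issue described above is trusting a declared MIME type over the file's actual bytes. The following is an added example, not code from Check Point, WhatsApp or Telegram: a check that refuses to preview an attachment as an image unless its magic bytes match the declared type. The function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Magic-byte signatures for the image types a preview is allowed to render.
const SIGNATURES = [
  { mime: 'image/png',  bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
  { mime: 'image/gif',  bytes: [0x47, 0x49, 0x46, 0x38] }, // "GIF8"
];

// Return the image type the content really is, or null if it is no known image.
function sniffImageType(data) {
  for (const sig of SIGNATURES) {
    const fits = data.length >= sig.bytes.length;
    if (fits && sig.bytes.every((b, i) => data[i] === b)) return sig.mime;
  }
  return null;
}

// True when the leading bytes decode to text that starts like markup.
function looksLikeMarkup(data) {
  const head = new TextDecoder('utf-8').decode(data.subarray(0, 512));
  return /^<(!doctype|html|head|body|script|svg|\?xml)/.test(head.trimStart().toLowerCase());
}

// Decide whether an attachment may be previewed as an image.
// declaredMime is sender-controlled metadata; only the bytes are trusted.
function checkAttachment(declaredMime, data) {
  const declared = String(declaredMime).split(';')[0].trim().toLowerCase();
  if (!SIGNATURES.some((s) => s.mime === declared)) {
    return { allow: false, reason: 'declared type is not a previewable image' };
  }
  const actual = sniffImageType(data);
  if (actual === null) {
    const markup = looksLikeMarkup(data);
    return { allow: false, reason: markup ? 'content is markup, not an image' : 'content matches no image signature' };
  }
  if (actual !== declared) {
    return { allow: false, reason: `declared ${declared} but content is ${actual}` };
  }
  return { allow: true, reason: 'declared type matches content' };
}

// Constructed sample inputs: an HTML document labelled as a PNG, and a real PNG header.
const fakeImage = new TextEncoder().encode('<!DOCTYPE html><html><body>not an image</body></html>');
const realPng = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);

console.log(checkAttachment('image/png', fakeImage)); // rejected
console.log(checkAttachment('image/png', realPng));   // allowed
```

The check belongs on whichever side can see the plaintext before the file is stored or rendered, since a server that only handles encrypted content cannot inspect the bytes.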