This is the second time the company has revealed a vulnerability to WhatsApp.
Both WhatsApp and Telegram use end-to-end encryption to ensure that users’ messages are safe from prying eyes, but there’s a double-edged sword here.
The Telegram hack was a bit more complicated.
It’s important to note that Check Point’s report-again, like the Central Intelligence Agency revelations from WikiLeaks’ document trove-doesn’t mean you should give up on encrypted communications and start texting people via SMS.
In the recent development, the researchers at Check Point Security have announced a new type of attack against the web versions of WhatsApp and Telegram.
Hackers could access photos and videos and post them online due to a gaping security hole discovered in WhatsApp. Once you click the file, hackers would be able to get into the app’s local storage, which is risky since the apps are fully synced with your device.
If a user were to upload an image containing malicious code, the attacker could exploit the vulnerability in the online platform to gain full access to stored data for either messaging service, thereby taking over the entire account.
Check Point did not specify how many messaging accounts were at risk, but did say the flaw posed a danger to “hundreds of millions” of users accessing the messaging platform from web browsers in computers, as opposed to mobile applications.
A cyber-security research firm warns that WhatsApp and Telegram users may have unknowingly let hackers into their accounts-simply by looking at a photo that contained malicious lines of code.
Because the contents of chats are end-to-end encrypted, it means that neither WhatsApp nor Telegram could see the malware hidden in a shared malicious image. This has in turn, has created a loophole that allows a hacker to easily send across a malicious content to any WhatsApp users. Once a user clicks on the image sent by the cyber criminal, it opens into malicious HTML links. They claimed the bug meant that attackers could also potentially download photos, send messages on your behalf or take over friends’ accounts. Knowledge really is power there.
So don’t go ahead and click every single image that you get in the multiple WhatsApp and Telegram groups. This gives you control over which devices are hosting your account and shut down activities you don’t want.
In the meantime, it’s good to know both companies quickly responded to the problem.
Facebook has now fixed the flaw in the WhatsApp software by patching it on its servers. WhatsApp in this instance converts the file in an encrypted BLOB for WhatsApp client (the victim in this case) to decrypt on the other end.