According to a computer security firm, there is a flaw that might allow hackers to break into messaging accounts existing on WhatsApp and Telegram by using the encryption set by developers precisely to prevent such issues. Check Point Software Technologies declared that they sent a note to the two messaging app owners last week, warning them about the vulnerability. However, they waited until the two teams solved it in order to make it public.
The firm did not reveal how many accounts were put in danger, but they said that the flaw threatened the security of hundreds of millions users that were accessing the messaging apps on web browsers from their computers, and not on mobile apps.
Oded Vanunu, who works as the head of product vulnerability for Check Point, declared that the vulnerability risked the accounts to be taken over completely on WhatsApp Web and Telegram Web. The problem was serious, since any hacker with bad intentions could send a simple photo and then gain control over the entire account, including messages history, photos that were shared. Moreover, they could even send messages by using the account of the user.
What’s even worse, the malicious code embedded in the picture could spread itself to other contacts in the victim’s list too by sending them similar messages.
Both WhatsApp and Telegram are relying on end-to-end encryption in order to ensure full privacy between the senders and recipients. However, this measure backlashed, since the protection did not allow the services to see whether the content of a message was by any chance a malicious code.
As a solution, both companies found and blocked the viruses before the messages were encrypted, as the security researchers had declared. Let’s just hope that there won’t be any other similar issue with the accounts!