A research team from a well-known security firm, Check Point, has discovered major vulnerabilities in the two of the most popular messaging application. WhatsApp and Telegram, two popular messaging apps with end-to-end encryption, when used in an Internet browser could allow hackers to take control of the account.
“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” Check Point head of product vulnerability Oded Vanunu said.
“By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.”
The malicious code hidden behind the picture sent could simply spring into action after it is clicked on for viewing, according to Check Point. The malicious code could then hijack an account, and even spread itself like a virus by sending infected messages to those listed as contacts. It is not clear how many users were affected but WhatsApp and Telegram has 1.2 billion and 100 million active users respectively.
Don’t panic quite yet, Check Point Software Technologies said that it alerted Telegram and Facebook-owned WhatsApp last week, waiting until the vulnerability was patched before making it public. However, it remains unclear if similar bugs exist for other web-based messaging apps. Ultimately, this news should serve as a reminder that there is no software is 100 percent hacker-proof.
Remember, if you want to make sure your communications are completely secure, you’ll just have to write your messages on paper, put in in an envelope completely sealed, hand deliver them in a surveillance-free environment, watch your recipients read them, and then set those messages on fire. This ancient method still works great!
