Hundreds of millions of users of the web versions of WhatsApp and Telegram messengers were put at risk by a serious security flaw, according to an Israeli firm.
The vulnerability could allow hackers to could gain control over accounts, access personal data – including conversations, contacts and shared files – as well as sending messages to other users.
Ironically, the exploit uses the very encryption which is intended to protect messages from prying eyes.
WhatsApp is one of the most popular instant messaging services in the world with more than a billion users. Telegram claims only 100 million or so users, but is often cited as a preferred communications tool of jihadists because of encryption to keep messages from the eyes of authorities.To remedy the security situation, both services are believed to have altered the way they finding and blocking viruses.They are now thought to be running this process before messages are encrypted.
WhatsApp and Telegram both use end-to-end encryption, which is designed to make sure only senders and recipients can view the content of messages.
But an unexpected side effect of this process is that it prevents the apps from being able to check whether message contents include malicious code.
This vulnerability makes it possible for an attacker to booby-trap a file shared via the app, perhaps a meme image, with malicious code.
This would spring into action after the picture is clicked on for viewing, according to Israeli computer security firm Check Point.
The malicious code could then hijack an account and spread itself like a virus by sending infected messages to contacts.
Check Point Software Technologies says that it alerted Telegram and Facebook-owned WhatsApp last week.
Oded Vanunu, head of product vulnerability at Check Point, said: ‘This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over.
‘By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.’
WhatsApp is one of the most popular instant messaging services in the world with more than a billion users.
Telegram claims only 100 million or so users, but is often cited as a preferred communications tool of jihadists because of encryption to keep messages from the eyes of authorities.
To remedy the security situation, both services are believed to have altered the way they finding and blocking viruses.
They are now running this process before messages are encrypted.
Join GhanaStar.com to receive daily email alerts of breaking news in Ghana. GhanaStar.com is your source for all Ghana News. Get the latest Ghana news, breaking news, sports, politics, entertainment and more about Ghana, Africa and beyond.