A security firm recently revealed a major flaw that may have let hackers hack into Telegram or WhatsApp messaging accounts of users with the exact encryption originally intended to secure messages.
WhatsApp as well as Telegram just patched the flaws in the popular messaging apps after researchers of security proves that they were able to seize control over user accounts.
Check Point Software Technologies stated that it told Telegram and the Facebook-owned messenger WhatsApp one week prior, and waited until the companies patched vulnerabilities before they made it public.
Check Point didn’t specify just how many of the messaging accounts had been at risk, however they did state that the flaw had posed dangers to “hundreds of millions” of users who access these messaging platforms via web browsers on computers, rather than just mobile applications.
“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of a complete account take over,” said Oded Vanunu, Check Point’s head of the department that assesses product vulnerability in a recent statement.
“By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.”
How It Works
The malicious coding can hijack any account, even spreading like a virus via the sending infected messages to user contacts.
Both WhatsApp and Telegram have implemented end-to-end style encryption in order to allow only the sender and receiver to see what messages contain.
This privacy protection resulted in a side effect that prevents the service from deciphering whether a message contains malicious coding or not, reported Check Point.
To solve the issue, both services have shifted to find and block these viruses even before the messages get encrypted, said security researchers.