Recently, WhatsApp and Telegram, two popular messaging apps, were found to have major security holes. The problem pertained to the end-to-end encryption used in both of these apps, especially when they are used from a web browser. Using this exploit, a hacker can potentially take control of any WhatsApp/Telegram number, making it one of the most alarming hacks in recent times.
The issue was discovered by the Israeli security firm Check Point.
How it Works
To exploit this vulnerability, a hacker needs to send an image loaded with malware through the web version of WhatsApp or Telegram. This image allows them to completely control the receiver’s account. This is just a simple description of the issue.
Going into the details, the hacker can send a message to anyone through the web versions of WhatsApp or Telegram, attaching a malicious HTML file with a picture as the cover image. It would look like someone sent you a picture, but in reality it would be a malicious file that would start downloading to your phone as soon as you tap on it.
End-to-End Encryption to Blame
What led to this problem was the same end-to-end encryption that was supposed to be a security check. The Check Point researchers who discovered the problem said in a blog post:
“Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent.”
Although both WhatsApp and Telegram have acknowledged this problem and have issued security patches, neither agrees that the exploit has been used by anyone yet. Of course, this is just what the companies always say when vulnerabilities are discovered, but there is no way to ascertain that.
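The kind of content validation the researchers describe as missing can be sketched as a check that runs on the attachment before it is encrypted, so a file declared as a picture is only accepted if its bytes really are one. This is an added example, not code from WhatsApp, Telegram or Check Point and not the vendors' actual patch; the function names, the allow-list of image types and the sample inputs are assumptions made for illustration.

```javascript
// Added example: validate an attachment before it is encrypted (sender side)
// and again after it is decrypted (receiver side). All names are hypothetical.
const MAGIC = [
  { type: 'image/jpeg', sig: [0xff, 0xd8, 0xff] },
  { type: 'image/png', sig: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: 'image/gif', sig: [0x47, 0x49, 0x46, 0x38] }, // "GIF8"
];

// Identify the real type from the leading bytes, ignoring the declared MIME type.
function sniffImageType(bytes) {
  for (const { type, sig } of MAGIC) {
    if (bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b)) return type;
  }
  return null;
}

// Look for markup in the first 1 KiB, which catches image/HTML polyglots
// such as a GIF header followed by a <script> element.
function containsMarkup(bytes) {
  const head = String.fromCharCode(...bytes.subarray(0, 1024)).toLowerCase();
  return /<\s*(!doctype|html|script|iframe|svg|body)\b/.test(head);
}

// Accept the file only if its content is an allowed image type that matches
// the declared type and carries no markup near the start.
function validateAttachment({ declaredType, bytes }) {
  const actual = sniffImageType(bytes);
  if (actual === null) return { ok: false, reason: 'not a recognised image' };
  if (actual !== declaredType) return { ok: false, reason: 'declared type does not match content' };
  if (containsMarkup(bytes)) return { ok: false, reason: 'markup found in image data' };
  return { ok: true, reason: 'image content matches declared type' };
}

// Constructed sample inputs (not taken from any real attachment).
const ascii = (s) => Uint8Array.from(s, (c) => c.charCodeAt(0));
const pngHeader = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d];
const samples = {
  htmlAsJpeg: { declaredType: 'image/jpeg', bytes: ascii('<html><body>preview</body></html>') },
  realPng: { declaredType: 'image/png', bytes: Uint8Array.from(pngHeader) },
  pngAsJpeg: { declaredType: 'image/jpeg', bytes: Uint8Array.from(pngHeader) },
  gifPolyglot: { declaredType: 'image/gif', bytes: ascii('GIF89a/*<script></script>*/') },
};

for (const [name, file] of Object.entries(samples)) {
  console.log(name, validateAttachment(file));
}
```

Because the server cannot see end-to-end encrypted content, a check like this only helps if the client runs it, and the receiving client should repeat it after decryption rather than trust the sender.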
Safe For Now
Rest assured, both of the companies have patched these issues in their latest updates. For now, WhatsApp Web and Telegram’s web version are safe to use. Other messaging apps with web versions could also have similar vulnerabilities, but none have been announced/discovered so far.
Via Check Point