Security weakness found in WhatsApp and Telegram
Washington, March 16: A flaw that could let hackers break into WhatsApp or Telegram messaging users accounts using the very encryption intended to protect messages, a computer security firm today revealed.
Tel Aviv, Israel-based Check Point Software Technologies said that it alerted Telegram and Facebook-owned WhatsApp last week, waiting until the vulnerability was fixed before making it public.
“An attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user by simply sending an innocent looking photo,” Oded Vanunu said.
As per the vulnerability, it made possible for a hacker to booby-trap a digital image with malicious code that could spring into action after the picture is clicked on for viewing, according to Check Point.
The malicious code could then hijack an account, and even spread itself like a virus by sending infected messages to those all contacts.
Messaging apps WhatsApp and Telegram using end-to-end encryption technology, on the intent of only senders and recipients can see what is in messages.
According to Check Point Technologies, the privacy protection had the side effect of preventing the services from being able to discern whether message contents included malicious code.
According to the security researchers, both services shifted to finding and blocking viruses before messages are encrypted is the remedy for the situation.
Facebook backed WhatsApp is one of the most popular instant messaging services in the world with more than a billion users.
The cloud-based mobile and desktop messaging app Telegram claims only 100 million or so users but is often cited as a preferred communications tool of Terrorists because of encryption to keep messages from the eyes of authorities.