Check Point a security firm revealed on Wednesday that a flaw in WhatsApp and Telegram can be used by hackers to get access to users account. Check Point immediately alerted both WhatsApp and Telegram about the vulnerability a week ago. Check Point waited for both WhatsApp and Telelgram to remove the vulnerability through patch before revealing it publically.
The firm revealed that hundreds of millions users were vulnerable due to this flaw. Due to this flaw hackers could get access to those user’s account who use these messengers on desktop browsers.
Check Point head of product vulnerability Oded Vanunu said in a release. “This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over.”
Hackers using this flaw could gain access to user accounts including users message history, photos and send messages to others pretending as the user. All they needed was to send a photo with a malicious code and once the user opened this picture the attacker could gain access to users account. The attacker could also use this vulnerability by sending the same picture to other users on your list.
WhatsApp and Telegram both use end-to-end encryption due to which only sender and receiver can check the messages and pictures. Due to end-to-end encryption even the service could not see the content of the message. This is one of the downside of using end-to-end encryption.
Both the companies have shifted their policies and now are they are validating the content of the message before encryption to make sure any malicious code is detected before encryption takes place.
The good thing is that both the companies immediately acknowledged and responded to fix this problem. WhatsApp is one of the most widely used messaging app with approximately 1 billion users worldwide on the other hand Telegram claims to have 100 million monthly active users. Check Point has advised both WhatsApp and Telegram users to restart their browser to ensure they’re using the latest versions of the service.