If You Use WhatsApp Or Telegram On PC, Your Account Can Be Compromised

A vulnerability in the encryption systems of both WhatsApp and Telegram means hackers can swoop in and seize control of your account. The irony? It¡¯s not an oversight that caused the misstep, but instead an attempt at providing maybe too much privacy.

Reuters

Security research firm Check Point Software Technologies on Wednesday released a report of the flaw that could compromise your account. The company said it discovered the vulnerability a week ago on March 7, which it then reported to both WhatsApp and Telegram, waiting for them to finish patching it before releasing the news.

It¡¯s still not clear how many accounts may have been at risk, though the Check Point report estimates it in the range of¡°hundreds of millions¡±. One thing to note here, is that general WhatsApp and Telegram users are still safe. You only have to worry if you¡¯ve been using the desktop platforms for the apps, namely WhatsApp Web and Telegram Web.

To exploit the flaw, a hacker could simply send a photo to the target victim, containing malicious code. Once the user clicks to open the image on WhatsApp Web, the malicious file gives the hacker access to your device¡¯s local storage, where your account data is stored. On Telegram Web, users have to open the image in a new tab for the attacker to gain entry, though from there onwards it¡¯s just as easy to access as WhatsApp.

¡°This vulnerability, if exploited, would have allowed attackers to completely take over users¡¯ accounts on any browser, and access victims¡¯ personal and group conversations, photos, videos and other shared files, contact lists, and more,¡± Check Point¡¯s head of product vulnerability Oded Vanunu said in a blog post. ¡°This means that attackers could potentially download your photos and or post them online, send messages on your behalf, demand ransom, and even take over your friends¡¯ accounts.¡±

In addition, with your account in hand, the hacker can now also attempt to widen his reach by sending out the same photo to your contacts, who will automatically trust a file sent by a friend.

How the hack works on WhatsApp Web - Check Point Software

The main problem Check Point noticed here is that the very same end-to-end encryption prided by both WhatsApp and Telegram was their downfall. The encryption method prevents anyone other than the sender and receiver from reading chats, including the owners of these services. Because of this, neither WhatsApp nor Telegram would know that the chats they¡¯re transmitting containing malicious code. It¡¯s like a bomb being mailed through the post office and only being opened at the starting point and destination.

In order to fix the exploit, Vanunu says both companies sprung into action when they received the report. ¡°WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,¡± he said. WhatsApp and Telegram web users only need to make sure they restart their browser to ensure they¡¯re using the patched version of the software. In addition, the research team suggests periodically cleaning computers where you¡¯re logged into either WhatsApp or Telegram Web, so you can be sure you¡¯re the only one accessing your account.

If you want to peruse the technical details of how such a breach could be executed, you can find coding information on the Check Point blog here.

Also Read: WhatsApp¡¯s Good Old Text-Only Status Is Making A Comeback Thanks To Popular Demand