Security flaw found in WhatsApp, Telegram: researchers

March 15, 2017

A computer security firm on Wednesday revealed a flaw that could let hackers break into WhatsApp or Telegram messaging accounts using the very encryption intended to protect messages.

Check Point Software Technologies said that it alerted Telegram and Facebook-owned WhatsApp last week, waiting until the vulnerability was patched before making it public.

Check Point did not specify how many messaging accounts were at risk, but did say the flaw posed a danger to "hundreds of millions" of users accessing the services from web browsers on computers, as opposed to mobile applications.

"This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over," Check Point head of product vulnerability Oded Vanunu said in a release.

"By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send on behalf of the user."

The vulnerability made it possible for an attacker to booby-trap a digital image with malicious code that could spring into action after the picture is clicked on for viewing, according to Check Point.

The malicious code could then hijack an account, and even spread itself like a virus by sending infected messages to those listed as contacts.

WhatsApp and Telegram use end-to-end encryption designed to make certain only senders and recipients can see what is in messages.

The privacy protection had the side effect of preventing the services from being able to discern whether message contents included malicious code, according to Check Point.

To remedy the situation, both services shifted to finding and blocking viruses before messages are encrypted, the security researchers said.

WhatsApp is one of the most popular instant messaging services in the world with more than a billion users. Telegram claims only 100 million or so users, but is often cited as a preferred communications tool of jihadists because of encryption to keep messages from the eyes of authorities.
