Security firm Check Point recently disclosed some worrying holes in WhatsApp and Telegram which could have left millions of users vulnerable to attacks. Both services use end-to-end encryption to ensure complete privacy, making sure only the people involved can see the messages being sent.
However, this feature turned out to have a severe vulnerability which specifically affected WhatsApp Web and Telegram Web, the chat apps’ desktop clients. Since all messages are encrypted without going through a validation process, the two were unable to seek out and prevent dangerous content from being delivered.
Hackers may have thus exploiting this hole by sending a malware-laden file to their target. WhatsApp Web patrons would then have to open the image to allow access to their local storage. It gets a bit more complicated for Telegram Web users since they would have to open the photo in a new tab for the attacker to gain entry.
Once the door has been opened, hackers could take over accounts on any browser, snoop through a victim’s WhatsApp conversations, send the infected file to their contacts, and access their photos and videos. The attackers may have even been able to do things like ask for a ransom or post pictures online.
Check Point says that it informed WhatsApp and Telegram about the issue on 7 March. The two have since worked on the problem and delivered a fix. Both are now advising consumers to restart their browser to guarantee they’re using the latest version.