Users of the popular messaging apps WhatsApp and Telegram who have also used the browser-based versions of the apps have unknowingly been at risk of hacking, after a security research firm uncovered a flaw that hackers could have used to take control of entire accounts.
The flaw, which is only apparent when using the web browser versions of WhatsApp and Telegram, has been around since their inception, although WhatsApp has claimed that there is no evidence that it was ever used on its users.
The security issues, discovered by Israeli security firm Check Point and outlined in a blog post, arose because hackers could send malicious HTML via the services, with an image loaded as the code’s preview. When an unwitting user clicked that preview image, the code would execute, giving the hacker access to and control of the account in question.
Check Point told both WhatsApp and Telegram of the issues and both now say that the holes have been plugged. What makes this particular situation so interesting, however, is that it is WhatsApp and Telegram’s main feature that made all of this possible.
Both services offer end-to-end encryption, which users enjoy because it means nobody can snoop on their messages. That also includes the service providers themselves, meaning neither WhatsApp nor Telegram was ever aware that the malicious code was being sent and received. Hackers were essentially shielded, giving them free rein over what they were sending to their targets.
It would appear that this security flaw was never taken advantage of, and with both WhatsApp and Telegram having already issued updates that prevent this from being a problem in the future, users are now protected from any similar potential attacks. It does go to show, though, that no matter how secure something claims to be, there will always be a way to game it.
(Source: Check Point)