Thrilled to receive that cute looking image of a cat on your WhatsApp? Felt aww when you received an innocent-looking image of a puppy on your WhatsApp? Beware! That could have hacked your WhatsApp account, and wreaked havoc on your phone.
But thankfully, that security vulnerability has been taken care of. But be alert, because such security threats are soon going to become a norm.
And your data privacy is the reason behind this debacle.
Innocent Images Could Have Hacked Your Phone?
Security firm Check Point discovered a serious security vulnerability wherein hackers could have embedded malicious code into any image shared on WhatsApp. Once the user clicked on that image, that code would have saved on your smartphone and literally done anything which the hacker wanted.
As per Check Point, such malware could have stolen all data residing on your phone, send anonymous calls and even demanded ransom. Interestingly, another security firm published a list of 36 well-known smartphones that come with such malware pre-installed.
This security vulnerability was found for web versions of WhatsApp and Telegram. And since a web version of both WhatsApp and Telegram is synced with the smartphone as well, the threat was real.
In their blog, Check Point said, “This vulnerability, if exploited, would have allowed attackers to completely take over users’ accounts on any browser, and access victims’ personal and group conversations, photos, videos and other shared files, contact lists, and more.”
The Reason For This Threat: Your Data Privacy
In August last year, WhatsApp introduced complete data encryption for all messages shared and posted on their platform. This means that even WhatsApp doesn’t read what you are typing or sharing, and this was mainly done to protect users’ privacy.
But unfortunately, this step became the cause of this security vulnerability as well.
When Check Point researchers embedded a malicious code into one of the innocent looking images, WhatsApp failed to check its content, and the code was transferred to the end-users’ mobile phone via web version.
Check Point said, “Nevertheless, this same mechanism has also been the origin of a new severe vulnerability we have discovered in both messaging services’ online platform – WhatsApp Web and Telegram Web”
WhatsApp, Telegram Responds; Blocks This Security Threat
When Check Point researchers informed WhatsApp and Telegram about this threat, they acted swiftly and blocked this security threat by updating their algorithm.
In a statement, WhatsApp said, “ When Check Point reported the issue, we addressed it within a day and released an update of WhatsApp for the web. To ensure that you are using the latest version, please restart your browser.”
In the case of Telegram, the threat was somewhat minimised because users had to open the image or the video with malicious code on a separate Chrome browser, something which is “a very unusual user interaction”, as per Telegram.
Nevertheless, Check Point has certainly opened up a Pandora’s Box when it comes to the security threat, based on WhatsApp and Telegram’s absolute data encryption policy.
After Check Point informed WhatsApp and Telegram about this threat, they immediately blocked it. But a real hacker won’t inform them in future.
In their blog post, Check Point has shared some of the steps which can be taken to make WhatsApp and Telegram more secured.
Can WhatsApp and Telegram ditch their data encryption policy to make their platform more robust? We will surely keep you updated as we receive more information.