Researchers have discovered a major flaw with the popular messaging apps WhatsApp Messenger and Telegram. The flaw is that certain security measures within the apps (or lack of), would have allowed hackers to take over the users messaging account and access their personal data.
In order for hackers to do this, users simply had to click on an image from the hacker that contained a malicious virus. Once the user had clicked on the image, the hacker would have been able to access the app’s local storage. In the case of WhatsApp, hackers could have also sent a suspicious HTML file that would have given them instant access to the phone and allowed the hacker to lock the phone’s owner out of the device.
Telegram hackers could have also used the malicious HTML file method, however, it’s thought they most likely would have hid the suspicious file with a different name such as ‘video/MP4’. So, can’t the user just delete the app and have the problem solved? Not really- the hackers’ plan was a bit more sneaky and hard to get around.
Both WhatsApp and Telegram are synced to the user’s smartphone, meaning that if the hacker had access to the app’s storage, they would have been able to access the rest of the device as well.
With access to the full device, the hacker would have been able to access the users’ photos, videos, conversations, contact lists, and other sensitive information. This personal information then could have been used to send messages on the user’s behalf, demand ransom from the users contacts, download and post data online, and even use the phone’s contact list to find new phones to hack.
Most messaging apps have no way to read the messages sent between users, which makes it hard to detect malicious and insincere messages. When this flaw was brought to light, both WhatsApp and Telegram admitted to this being a serious security flaw, and developed a fix for their users.
To fix this problem, the apps have updated their software so that messages can be scanned for malicious items before being encrypted. This new method of verification should pretty much put a stop to this security problem, according to WhatsApp.
Both apps want to remind users not to click on strange links or things that strangers may send, as there is always a chance that they could do damage to the users device.