Israeli security firm Check Point has revealed a latent vulnerability wherein WhatsApp and Telegram can be hacked through their respective web versions.
WhatsApp and Telegram have both prided themselves on security and stability, and the former chat service enabled end-to-end encryption last year in a bid to secure message threads against hacking attempts. Now, Israeli security firm Check Point has discovered a devastating vulnerability in the web versions of both apps.
Check Point detais that WhatsApp’s end-to-end encryption can be bypassed by sending a malicious image with latent HTML code which is triggered to run should a user click the image within WhatsApp Web. The code subsequently runs through the victim’s browser and can enable a hacker to gain access to a victim’s messages, contact list, and any shared videos or photos.
Similarly, Check Point has revealed that hackers can enclose hidden HTML in a video, which if Telegram users open on the web will run malicious code in a new browser tab.
The below video reveals what occurs during a takeover of WhatsApp’s Web client:
While both WhatsApp and Telegram have since patched their respective vulnerabilities, the latent weakness might have exposed millions of users to hackers seeking to circumvent end-to-end encryption.
In conversation with Wired, Nadim Kobeissi, founder of Symbolic Software, commented that the discovery “highlight[s] a weakness specific to web applications”, and further commented that “It’s kind of heartbreaking to have to say this, but if you’re someone in a precarious situation and you care about your security, I’d recommend you use WhatsApp on an iPhone”.
What are your thoughts on the news that a vulnerability has been discovered in WhatsApp and Telegram? Do you feel less safe on either platform? Be sure to let us know your opinion in the comments below!