Security flaw found in WhatsApp
A computer security firm last Wednesday revealed a flaw that could let hackers break into
WhatsApp or Telegram messaging accounts using the very encryption intended to protect messages.
Check Point Software Technologies said that it alerted Telegram and Facebook-owned WhatsApp last week, waiting until the vulnerability was patched before making it public.
It did not specify how many messaging accounts were at risk, but said the flaw posed a danger to "hundreds of millions" of users accessing the messaging platform from web browsers in computers, as opposed to mobile applications.
"By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user," Check Point head of product vulnerability Oded Vanunu said.
The vulnerability made it possible for an attacker to booby-trap a digital image with malicious code that could spring into action after the picture is clicked on for viewing, according to Check Point.
The malicious code could then hijack an account, and even spread itself like a virus by sending infected messages to those listed as contacts.