In an effort to add a layer of security, sometime last year, WhatsApp and Telegram added end-to-end encryption to the online messengers. However, ironically, researchers at Checkpoint found out that the encryption was itself a loophole in WhatsApp, that could allow a hacker to breach in. And what s worse is that this hack could have been performed using a mere image. Soon after some reports stated that the same vulnerability was discovered in Telegram messenger as well. But now, in a recent development, Telegram claims the reports are untrue saying, Telegram never had this issue . Also Read - WhatsApp is a surveillance tool, stay away from it: Telegram founderAlso Read - WhatsApp restricts users from taking screenshot of 'view once' images
Telegram blames the research firm to have included the messenger s name in this flaw to maximize its PR. It wrote in a blog, Many media wrongly reported that Telegram had the same issue as WhatsApp. The reason they did this is because Checkpoint chose to write their post in a way to maximize its PR impact. This is not unusual for a security company seeking recognition. Still it’s surprising that they were not satisfied with merely cashing in on the WhatsApp issue and included inaccurate statements about Telegram. Also Read - Giving fake identity for SIM, WhatsApp, Telegram will lead to jail time and 50k fine: Govt
Although Telegram does mention about another security flaw which was found on the messenger, but it says that one, also spotted by Checkpoint, was different and had very different implications for the end user. It explains that for that version of loophole to work, a fixed procedure had to be followed by a target, in the exact order and only on the Chrome browser. RELATED: Whatsapp, Telegram end-to-end encryption vulnerable to hacking
For it to work, a target had to hit ‘Play’ to start watching a malicious video via Telegram Web in Chrome. According to the encryption flaw in question, in case of WhatsApp an account would already be compromised at this point, however nothing happens in Telegram. From here, a user need to right-click on the running video and select “open in a new tab” from the menu, for the flaw to really work.
Recalling what the research firm found, it said that This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over. By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user. ALSO READ: WhatsApp introduces two-step verification as extra security for its 1.2 billion users
Essentially, the vulnerability allowed an attacker to booby-trap a digital image with malicious code, which could spring into action after the picture is simply clicked on for viewing. The malicious code could then hijack an account, and even spread itself like a virus by sending infected messages to those listed as contacts.