“This is not true, Telegram never had this issue”, the company wrote in a blog post after news reports based on Check Point claims started appearing.
In the recent development, the researchers at Check Point Security have announced a new type of attack against the web versions of WhatsApp and Telegram. WhatsApp Web patrons would then have to open the image to allow access to their local storage.
In the WhatsApp video the researchers showed a file called “funny cat” being sent to the victim of the attack.
As soon as the right file format is found, WhatsApp uses the FileReader HTML 5 API to encrypt the file and upload it to WhatsApp servers or Telegram servers in Telegram’s case. “A company called Check Point has discovered a way of taking over a WhatsApp account provided that your target simply opened a photo you sent them”.
WhatsApp and Telegram users were exposed to having their accounts taken over and to ransom demands by a vulnerability in the messaging apps’ online versions. Yet, the same end-to-end encryption was also the source of this vulnerability.
Some cyber security experts say that this vulnerability may have existed due to the fact that neither WhatsApp nor Telegram can read the contents of the messages their users are exchanging due to end-to-end encryption.
The vulnerability occurs through the transfer of image files.
Flaws in popular instant messaging applications are less common than traditional desktop software. “This is the unfortunate truth of today’s digitally reliant world”. Oded Vanunu, a researcher behind the work for Check Point, said it had not seen anyone using the security flaw in the wild.
Indeed, the security research community will continue to play a vital role in exposing flaws that would otherwise go unnoticed by site/app administrators.
WhatsApp and Telegram’s encryption technique is created to ascertain that only senders and receivers see what is in the messages.
In a closing thought Professor Giovanni Vigna, co-founder of malware detection firm Lastline said “This flaw shows how hard it is to balance security and usability”.
To remedy the security situation, both services are believed to have altered the way they finding and blocking viruses.
But, since WhatsApp and Telegram have both rolled out an updated and more secure version of their browser portal, we’ recommend you to shut down your web browser and restart it. After all, even those who are usually cautious of images sent to them by someone they don’t know, no matter how innocent they look, are more likely to look at images sent to them by someone they do know.