If you are using Whatsapp Web or Telegram Web in your computer, then it's high time to safeguard yourself from hackers taking over your account. On Wednesday, a computer security firm Check Point revealed a flaw that hackers could break into your WhatsApp or Telegram account by using encryption feature of it.
The encryption technology used in this messaging services encodes your message while sending it and decodes the same message in the receiving end in order to enhance the security feature further. But when firms like Check Point reveals security flaws in this feature, it acts as a major drawback in such web apps. It sounds like misleading the users of the app as well.
The researchers have also mentioned the consequences of this flaw in their blog post as, "This means that attackers could potentially download your photos and or post them online, send messages on your behalf, demand ransom, and even take over your friends' accounts,"
This security firm says hackers were able to access WhatsApp user accounts by sending a photo file containing malicious code inside it. If the web user clicks on the photo, the hacker will be granted with full access to attack that particular account.
A similar concept has been used in the Telegram hack where hackers send a video file having malicious code to the web user. He turns out to be a victim of this hack by playing the video in another browser tab. This malicious code could hijack such accounts and spread itself by sending virus infected messages to others in the contact list.
According to the company, these hacks were possible because the encryption services used here would just encrypt the files before sending them without evaluating it for any malicious code. Check Point disclosed this information immediately to WhatsApp's and Telegram's security teams.
Both the companies have verified this issue and fixed the problem for web clients soon after. WhatsApp and Telegram web users are also advised to restart their browser to resolve this vulnerability.