Those encrypted messaging apps you may have been using to avoid prying eyes had a major flaw that could have allowed access to hackers, according to a cybersecurity firm.
According to Check Point Software Technologies, both Telegram and WhatsApp, which is owned by Facebook, were vulnerable.
The company said it withheld the information until the security holes were patched, saying “hundreds of millions” of users could have been compromised.
The vulnerability involved infecting digital images with malicious code that would have been activated upon clicking the pic. That, according to Check Point, could have made accounts susceptible to hijacking.
“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” Check Point head of product vulnerability Oded Vanunu said in a news release. “By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.”
Both apps tout so-called end-to-end encryption to ensure privacy, but according to Check Point, that made it hard to spot malicious code.
Patching the vulnerability involved blocking the code before the messages were encrypted.
WhatsApp claims to have more than one billion users, while Telegram has more than 100 million.