WhatsApp and Telegram for the desktop are vulnerable to cyber attacks, notes a report prepared by researchers from Check Point Software Technologies. However, Telegram has denied there is any vulnerability in its service and has claimed that Check Point report is misleading.
The security researchers at Check Point say that users of these two chat apps are vulnerable each time they access them through the desktop. They say that WhatsApp and Telegram for the web can be hijacked any time by cyber criminals and hackers using a multimedia file, like a photo, that has a hidden malware inside it.
Roughly, there are around a billion WhatsApp desktop users, while a little less in the count, Telegram for the web accounts for around 100 million users. So, does that mean that these millions and billions of users are at risk? The answer for now seems to be yes.
Although both apps claim that they use end-to-end encryption, security researchers say they are still vulnerable. The Check Point report states that a bug on both WhatsApp and Telegram can be exploited by cyber criminals using an eye-catchy picture or a video. Once a user clicks on the image sent by the cyber criminal, it opens into malicious HTML links.
Through this bug, the hackers have the ability to gain access to a WhatsApp user’s account. Once they gain entry, they can steal a WhatsApp user’s personal details, copy contact list, chats with his or her friends, and steal photos and videos. Not only that, Check Point mentions that the attackers can possibly download user’s images, post them online, send messages, demand ransom and even attack other profiles.
“In WhatsApp, once the user clicks to open the image, the malicious file allows the attacker to access the local storage, where user data is stored,” Check Point noted in a blog on its site. “In Telegram, the user should click again to open a new tab, in order for the attacker to access local storage. From that point, the attacker can gain full access to the user’s account and account data.”
However, Telegram has claimed that Check Point is wrong. “A company called Check Point has discovered a way of taking over a WhatsApp account provided that your target simply opened a photo you sent them. No additional actions from the target were required. Some media reported that ‘the same’ vulnerability was discovered in Telegram…. This is not true, Telegram never had this issue,” the company wrote in a blog post after news reports based on Check Point claims started appearing. “The part about Telegram in this (Check Point) statement is not true. Many media wrongly reported that Telegram had the same issue as WhatsApp.”