Don’t Download Images on WhatsApp, Hackers Could Steal Your Data

WhatsApp and Telegram’s end-to-end encryption is too safe for its own liking. This week, a security software company has reported that a malware vulnerability, on both the messaging platforms, has raised serious data security concern.

If the knowledge falls into the wrong hands, it could compromise data of millions of WhatsApp and Telegram users. As scary as this might sound, the threat has been notified to WhatsApp and Telegram, and has been fixed at the time of publishing this piece.

The report has been shared by Check Point Software Technologies, who have clearly indicated that downloading images and videos on your phone from these platforms could be riskier than they could imagine.

End-to-end encryption is designed to ensure that only the people communicating can read the messages and nobody else in between.

This has been lauded by many people, including the users, so that no misuse of such data happens. But as it turns out, hackers could even turn this strong point to their benefit.

This same mechanism has also been the origin of a new severe vulnerability, which the folks at Check Point have been able to discover in both – WhatsApp and Telegram, albeit just the web version.

How it Happened?

Check Point was quick to point out that since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent.

It adds that the affected HTML files would look like a normal image, and clicking on that image would navigate you to the infected page, and in turn, the data stored in your internal storage will be sent to the hacker.

How the malware could lead to loss of data. (Photo Courtesy: <a href="http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/">Check Point</a>)

Speaking to Saket Modi, Co-founder at Lucideus, a cyber security firm, we got some interesting insights into how the web version of WhatsApp or Telegram could be more prone to such attacks than the mobile version.

He also pointed out the core reason or matter that leads to this vulnerability to take place.

Who’s at Fault?

Both Check Point and Saket have stayed away from pointing fingers at anyone, with special emphasis on the fact that encryption isn’t the sole reason for this vulnerability.

However, he did alert everyone to the reality that hacking WhatsApp data is very much doable, and it doesn’t matter if you’re a celebrity or just a normal person on the social platforms.

Being part of the digital-cum-social sphere comes with its set of responsibilities and awareness, and users ought to adhere to that for their own safety.


The Quint
The Quint is media with intelligence. The Quint is media for mobile consumption – quickly, visually and socially. The Quint is popular, digital journalism.

Share the Article :