WhatsApp and Telegram are the latest victims to third party data hacking which saw millions of users vulnerable to having their accounts taken over and held to ransom.
Hackers utilised a weakness in images being sent through the messaging apps to hide malware that could eventually take over accounts.
Once again – no one is safe!!!
WhatsApp is an extremely popular choice of instant messaging currently used by billions of people in over 180 countries. It allows for users to send instant messages, images, and video files in real time for free.
Telegram is one of the fastest messaging apps utilising a Cloud network. Both platforms use end to end encryption to protect the data being sent. End to end encryption is when the data is put through a protective scramble sequence. To reveal the data, the same decryption key is used to unscramble it all. This means that, in between sending and receiving, even if the data was intercepted, it would not be readable by a third party unless they had the same decryption key.
But this was malware…
However, when hackers managed to insert malware into images being sent through the messaging apps, that very same encryption prevented the companies from realising what was happening.
Hackers found a way to insert coded malware inside image files so that, when they were opened by the recipient, the malware was released into their local storage. From there, the malware could access the user’s entire account; including enabling the hacker to take control of the account. With full access, hackers are able to ransom images or the entire accounts themselves. Security experts explained that, once taken over, the accounts may then be used to target the real owner’s entire list of contacts.
“From that point, the attacker can gain full access to the user’s account and account data. The attacker can then send the malicious files to all the victim’s contacts, opening a dangerous door to a potentially widespread attack over the WhatsApp and Telegram networks”, said one of the security experts.
Breach undetected for a while
Due to the security encryption used, the companies were not aware of the breach for a while, and therefore unable to do anything to stop it. However, both companies have now attended to the issue, and the vulnerable weak point has been fixed, and users are advised to log out and restart the app.
Today, we are seeing more and more sophisticated cyber-attacks on all sorts of digital platforms. Now that everything seems to be online, hackers can access a wealth of information with a few short lines of code and a click of a mouse. Phishing scams are increasingly popular; targeting victims by posing as their banks or internet providers, for example. All internet users must be wary of the potential dangers of sharing too much information online. Passwords should also be regularly updated with new and complicated replacements. Although hard to spot, as with the WhatsApp and Telegram image malware attack, internet users must take every cyber security precaution they can.
Data breaches can be incredibly hard to stop and remedy and must therefore be prevented in the first place.