A few months ago, WhatsApp informed users about a new feature that would stand out in terms of security for data protection and conversations. With end-to-end encryption, the instant messaging application promised users greater privacy in messages, photos, videos, voice messages, documents, status updates and calls.
Of course, this protection would only be available to users with newer and updated versions of WhatsApp so that only the recipient and the sender could read what is sent through the chats, even denying the platform access to the personal information. In this regard, the application mentioned the following:
“Your messages are secured with a padlock and only you and the receiver have the special code / key to open it and read the messages. Each message you send has its own unique padlock and code. All this happens automatically; No need to make adjustments or create secret chats to secure your messages. ”
That is, WhatsApp assured at the time that the talks would not take any intervention and no one would have access to them. However, apparently the messaging app was a detail: WhatsApp Web.
A vulnerability was recently announced that could affect WhatsApp and Telegram in their Web versions, which would mean that the security of millions of user accounts is at risk.
Investigators at computer security firm Check Point revealed that failure on both platforms could allow attackers to hack user accounts by using the encryption system that supposedly protects the confidentiality of messages.
The vulnerability allowed attackers to send malicious content codes into harmless-looking images such as a dog’s meme, or anything that might appear to be real. Subsequently, hackers could have personal accounts, photographs, contacts and private conversations at the time the user opened the harmless image.
Check Point alarms users to be careful about what they share, as it is hard to believe how it is that from an image could be in danger of such a nature. With a simple image, cyberattacks already know our message histories, photographs, and they could also start publishing on our behalf and affect our contacts.
It should be noted that both applications have already been alerted and officially ensured that they have already verified the failure, but they ask users to update to the latest versions so they do not have any complications in the future, nor are they exposed to possible attacks.