WhatsApp has been around for years and is one of the most used messaging apps in the world. The app's privacy and security features make it very popular.
It offers end-to-end encryption and two-step verification. However, it was recently discovered that hackers could use its end-to-end encryption feature to their advantage.
How hackers exploit end-to-end encryption
Researchers at Check Point discovered a flaw in both WhatsApp and Telegram messenger's end-to-end encryption systems. End-to-end encryption means the encryption extends from one end of the communication pathway to the other. It doesn't offer hackers any point to tap in and steal an unencrypted version of the message.
The problem is, a cybercriminal could send a malicious message intended to infect the recipient's gadget and the app wouldn't detect it. That's because the messages are encrypted end-to-end and only the sender and receiver see it.
That means a scammer could send a malicious image and when the recipient clicks on it to view, their gadget could be infected with a virus. The hacker could completely take over the recipient's account and share the malicious image with everyone in their contacts list. Once the scammer has control of your account they can steal your personal data as well as private messages and shared files.
There is good news, though. Both services have corrected this flaw.
The apps have started scanning messages for viruses before they are encrypted. This should stop the system from being exploited in the future. However, you still need to watch out for hoax messages sent from people you don't know.
Hoax messages happen quite often on popular messaging services. Here are some recommendations from WhatsApp on how to handle them:
- Block the sender of the message
- Disregard the message
- Delete the message
- Never forward these messages - this will prevent exposing your contacts to potential harm