FacebookInstagramTwitterContact

 

Adelina’s family demands compensation           >>           GST to go up to 9%, hike expected to kick in between 2021 and 2025           >>           Fazura relates encounter with ‘pontianak’ on movie set           >>           Sergio Aguero appears to clash with Wigan fan on pitch           >>           Lionel Messi, Barcelona aren't invincible - Chelsea's Pedro           >>           Pep Guardiola plays down tunnel row, accepts Fabian Delph red card           >>           Selamat meluaran seorang putera           >>           Doa Kesyukuran sempena Puja Usia DPMM           >>           Riadah Berbasikal Semangat Kebangsaan, 25 Februari           >>           Bendera kecil meja diagihkan di Daerah Belait           >>          

 

SHARE THIS ARTICLE




REACH US


GENERAL INQUIRY

[email protected]

 

ADVERTISING

[email protected]

 

PRESS RELEASE

[email protected]

 

HOTLINE

+673 222-0178 [Office Hour]

+673 223-6740 [Fax]

 



Upcoming Events


Brunei Gastronomy Week
February 23rd, 2018 | 08:00 AM


Negara Brunei Darussalam 34th National Day
February 23rd, 2018 | 10:00 AM





Prayer Times


The prayer times for Brunei-Muara and Temburong districts. For Tutong add 1 minute and for Belait add 3 minutes.


Imsak

: 05:06AM

Subuh

: 05:16AM

Syuruk

: 06:35AM

Doha

: 06:57AM

Zohor

: 12:35PM

Asar

: 03:54PM

Maghrib

: 06:34PM

Isyak

: 07:44PM

 



The Business Directory


 

 



Security & Privacy


  Home > Security & Privacy


Whatsapp, Telegram Flaws Left Accounts Vulnerable To Hackers


Telegram, an encrypted-messaging service, patched a problem flagged by security researchers, but said the flaw wasn't likely to have affected any users. Telegram

 


 March 20th, 2017  |  09:56 AM  |   820 views

CNET.COM

 

The problems -- now patched -- meant hackers could have sent malicious photos or videos with the power to take over your account.

 

If you use WhatsApp or Telegram on your web browser, you'll want to shut down the browser and start it up again to keep hackers from taking over your account.

 

A group of researchers from cybersecurity firm Check Point revealed Wednesday that the web browser version of these popular encrypted-messaging apps had flaws that could have let hackers access and alter user accounts.

 

"This means that attackers could potentially download your photos and or post them online, send messages on your behalf, demand ransom, and even take over your friends' accounts," the researchers wrote in a blog post published Wednesday.

 

The research comes at a sensitive time for encrypted-messaging services, which have come under fire for being vulnerable to hacking attacks. These apps scramble up communications as they travel from one user to another, making them unreadable to anyone but the sender and receiver.

 

So even though two recent claims that encrypted-messaging apps are vulnerable have been criticized by security experts as exaggerated or misleading, users are naturally alarmed by research like Check Point's.

 

Check Point says it was able to access WhatsApp user accounts by sending a photo file containing malicious code. If the user was accessing his or her account from a browser and clicked on the photo, it gave full access to the sender.

 

The Telegram hack was a bit more complicated. Researchers showed they could send a video file to their intended victims that also contained malicious code. For the attack to succeed, the user would need to be logged in on a browser, click "play" on the video and then open it in another browser tab.

 

The messaging services have each patched the problem affecting their browser-based applications. The hacks were possible because the encrypted-messaging services would encrypt the files and send them without evaluating them for malicious code. As a result, "WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent," Check Point researchers wrote.

 

"We build WhatsApp to keep people and their information secure," WhatsApp said in an emailed statement, "When Check Point reported the issue, we addressed it within a day and released an update of WhatsApp for web."

 

Telegram also said it patched the problem, but countered Check Point's message in a testy statement released Wednesday. Calling the researchers "irresponsible," the company said it was unlikely that a user would go through the steps necessary for the hack to work.

 

"The attack against Telegram required very special conditions and very unusual actions from the targeted user to succeed," the statement said. The company also refuted Check Point's claim that the attack would work in any browser, saying it only had worked in Chrome.

 

"We still fixed this immediately, of course," the statement said.

 

In response to Telegram's statement, the Check Point researchers pointed out that both Telegram and WhatsApp responded to their report by fixing their software. "We have shared all technical details to support the claims we have made and are very comfortable with the content of our blog," the researchers said in an emailed statement on Thursday.

 

It's not the first time that encrypted-messaging apps have pushed back on claims their users' messages are vulnerable.

 

Earlier in March, WikiLeaks claimed that government spies could access messages sent on WhatsApp, Telegram and a similar service called Signal, with its apparent cache of hacking tools -- but the companies were quick to point out that the encryption in the apps still works just fine, and the messages were still encrypted as they traveled across the internet.

 

And in January, a UC Berkeley researcher said he found a "backdoor" into WhatsApp messages, but the company said the issue flagged by the researcher was an intentional design decision and that it would not be used to intercept messages on behalf of any government.

 


 

Source:
courtesy of CNET

by Laura Hautala

 

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]

 

Related News


Pitas Holds Longest CNY Festival

 2018-02-19 09:52:18

Terracotta Theft: Chinese Anger Over Stolen Warrior Thumb

 2018-02-20 09:17:26

Singapore Matches More Problems With More Money: Budget Snapshot

 2018-02-20 09:39:48