While the WhatsApp service itself included technology such as end-to-end encryption (E2EE) for privacy, the policy change indicated that it could begin sharing some data and user information with its parent company, Facebook (now Meta).
The resulting migration gave Telegram a massive boost to its userbase, which is now around 700 million worldwide versus WhatsApp’s two billion.
Like WhatsApp, Telegram also has E2EE to ensure protected messages cannot be easily read by unauthorised third parties. In 2017, security research firm Check Point Software Technologies released a report indicating that the E2EE on both platforms could be a potential vulnerability.
“The vulnerability allows an attacker to send the victim malicious code, hidden within an innocent-looking image. As soon as the user clicks on the image, the attacker can gain full access to the victim’s WhatsApp or Telegram storage data, thus giving full access to the victim’s account. The attacker can then send the malicious file to all the victim’s contacts, potentially enabling a widespread attack.
“Since messages were encrypted on the side of the sender, WhatsApp and Telegram were blind to the content and were therefore unable to prevent malicious content from being sent. After fixing this vulnerability, the content will now be validated before the encryption, allowing malicious files to be blocked,” the firm said.
Check Point disclosed its findings to the WhatsApp and Telegram security teams in March 2017, adding that the two companies had promptly acknowledged the issues raised and developed fixes for its worldwide web clients.
While this vulnerability has been addressed, Telegram’s popularity has still made it a more attractive target for hackers and scammers.
How to know when your Telegram is hacked?
Last month, Prime Minister Datuk Seri Ismail Sabri Yaakob lodged reports with the Malaysian Communications and Multimedia Commission (MCMC) and the police after his personal Telegram and Signal accounts were hacked.
It was believed that the accounts were…