Silicon Valley, March 19, 2017: Those encrypted messaging apps you may have been using to avoid prying eyes had a major flaw that could have allowed access to hackers, according to a cybersecurity firm.
According to Check Point Software Technologies, both Telegram and WhatsApp, which is owned by Facebook, were vulnerable.
NewsGram brings to you current foreign news from all over the world.
The company said it withheld the information until the security holes were patched, saying “hundreds of millions” of users could have been compromised.
The vulnerability involved infecting digital images with malicious code that would have been activated upon clicking the pic. That, according to Check Point, could have made accounts susceptible to hijacking.
NewsGram brings to you top news around the world today.
“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” Check Point head of product vulnerability Oded Vanunu said in a news release. “By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.”
Both apps tout so-called end-to-end encryption to ensure privacy, but according to Check Point, that made it hard to spot malicious code.
Patching the vulnerability involved blocking the code before the messages were encrypted.
WhatsApp claims to have more than one billion users, while Telegram has more than 100 million. (VOA)
Ireland’s Data Protection Commission (DPC) has announced a fresh investigation into Facebook, a day after the social networking giant admitted another security breach where nearly 6.8 million users risked their private photos being exposed to third-party apps.
Facebook, which is already facing a probe from the Irish watchdog for a previous privacy leak in September that affected 50 million people, may end up with fine of 4 per cent of its annual turnover – the highest fine under the new European General Data Protection Regulation (GDPR), The Independent reported on Saturday.
In Facebook’s case, the fine could amount to nearly 1.5 billion euros.
“The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25, 2018,” a spokesperson for the watchdog was quoted as saying.
The fresh move came after Facebook on Friday said more than 1,500 apps built by 876 developers may have also been affected by the bug that exposed users’ unshared photos during a 12-day-period from September 13 to 25.
Facebook, in a statement, said it has fixed the breach and will roll out next week “tools for app developers that will allow them to determine which people using their app might be impacted by this bug”.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers. The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorised to access their photos.
“We’re sorry this happened,” said Facebook, adding that it will also notify the people potentially impacted by this bug via an alert.
Earlier this month, Italian regulators fined Facebook 10 million euros for selling users’ data without informing them.
The competition watchdog handed Facebook two fines totalling 10 million euros, “also for discouraging users from trying to limit how the company shares their data”.
The Irish watchdog, which is Facebook’s lead privacy regulator in Europe, in October opened a formal investigation into a data breach which affected 50 million users.
“The investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data it processes,” said the DPC.
The world’s largest social media network has been grilled over the past year for its mishandling of user data, including its involvement in a privacy scandal in March when Cambridge Analytica, a British political consultancy firm, was accused of illegally accessing the data of more than 87 million Facebook users without their consent.
The private information of Facebook users was alleged to be used to influence the US 2016 general elections in favour of President Donald Trump’s campaign. (IANS)