Click to Skip Ad
Closing in...

Hackers can read your WhatsApp and Telegram chats if they wanted to

Published Jun 2nd, 2016 7:00PM EDT
WhatsApp Encrypted Chats Intercepted
Image: Fast Company

WhatsApp has recently announced that all its chats are protected by end-to-end encryption, meaning that only the sender and receiver will be able to read the messages in a conversation. Telegram offers end-to-end encryption too in secret chats. But hackers can read WhatsApp and Telegram conversations with relative ease if they wanted to, and that’s all without breaking encryption.

DON’T MISS: Google Nexus phones won’t run pure Android anymore

The following videos, published on Forbes, shows how easy it is to hijack WhatsApp and Telegram accounts. Because these chat services use your phone number, hackers can take advantage of known flaws in wireless communication standards to snoop on your chats.

Specifically, SS7 vulnerabilities are used to trick a telecom operator that the hacker’s phone has the same number as the target. Since WhatsApp is tied to a phone number, all the hacker has to do to get access to someone’s account is to clone the target’s device using these vulnerabilities.

After obtaining the verification code from WhatsApp, they’ll be able to access WhatsApp messages sent to the target, and even retrieve a history of messages in case they’re backed up to the cloud. At least the target will get a prompt telling them that their WhatsApp account is used on a different device. Meanwhile, Telegram secret chats (which are end-to-end encrypted) can’t be accessed using this method. You can see the hacks in the following videos.

Why isn’t anyone fixing SS7 issues? As The Next Web explains, SS7 is a global network of telecom companies, so it’s pretty difficult to manage. SS7, short for Signaling System No. 7, is the network that connects one mobile phone network to another. Essentially, this is part of the backbone of wireless networks. Once a hacker obtains access to it, he or she can do a lot more than snoop on chats. They can listen in to phone call conversations, forward calls, and access SMS messages.

In other words, these kind of vulnerabilities are exactly the kind of backdoors that intelligence agencies want from telecom and internet companies. As long as smartphone messaging and chat apps are tied to a device’s phone number, and as long these known SS7 vulnerabilities aren’t fixed, third-parties will be able to spy on virtually anyone.

Chris Smith
Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises. Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.