While it is true that both platforms have end-to-end encryption which makes them way more secure than other forms of communication, are they really hack-free?
However, while these apps have great security features, they are hacked via something entirely different. In the case of the security vulnerabilities in both Telegram and Whatsapp, the Signal System 7(SS7) is the culprit.
Interestingly, the SS7 security flaws are not new, they’ve been there for years and have been well-known to security agents, governments, and even hackers.
In this regard, the question is not about acknowledging the vulnerabilities of SS7, but on how to fix it, which is by no means an easy feat.
How exactly are Whatsapp and Telegram accounts compromised?
Watch how a Whatsapp account is compromised below;
Watch how a Telegram account is compromised by hackers below;
Basically, encrypted messaging apps are hack-resistant because hacking messages are dependent on the conversation of two parties e.g. you and a friend with whom you are chatting.
Although hacking a message mid-way is possible, the middle-man (hacker) would gain nothing of value if he intercepts the message midway mainly because it will be encrypted and therefore unreadable.
Again, the encryptions of the app(s) are not the ones being compromised in the videos above, but rather the SS7 vulnerabilities are.
The feat is achieved by intelligently manipulating telecom servers to believe that the attacker and the target’s phone numbers are similar.
Afterwards, the attacker then creates new Whatsapp and Telegram accounts on which he will access the secret code which authenticates him as the owner of those accounts.
Once this step is complete, the hacker will then be able to send and receive messages from the victim’s account. This situation is of particular concern because all your privacy will be compromised since the attacker has access to your account and will be able to send, receive and read messages intended for you.
Why can’t the SS7 vulnerability simply be fixed?
Since SS7 is not owned by any single telecom company, but rather a group of global telecom companies, governing and owning it is impossible.
Instead, any proposed change is met with a series of conflicting views and lots of bureaucratic policies and hence everything is trampled into a mess.
Furthermore, we believe that the vulnerability will stay until a legal group is appointed to look into the matter.
Moreover, some analysts believe that the SS7 vulnerability isn’t being fixed because of the barrier created by intelligence authorities and the ability of telecom companies to solve the issue.
Nevertheless, we cannot be really sure, but the fact that phones can easily be hacked even when encrypted makes them a viable option for agencies like NASA and CIA, which have tempered with anti-privacy cookies before as well.