Vulnerability Discovered – Why You Shouldn’t Use WhatsApp and Telegram on the Web

According to the Israeli security firm Check Point, even encrypted messenger apps like WhatsApp and Telegram can be penetrated by malware. Just this month, spokesperson Doros Hadjizenonos announced the firm had discovered a weakness in the web versions of these apps. The vulnerability allowed hackers to send a contaminated photo capable of infecting the entire account upon opening. Both companies have reacted immediately to patch the problem and users who have downloaded the latest version should be protected. However, security experts are still advising that high-risk individuals stick to the mobile version of WhatsApp and Telegram.

Encrypted Apps are the Secure Choice

Privacy and reputation go hand in hand. ReputationDefender clients include individuals and businesses working to build a positive web profile. A few personal details or a private message made public can quickly undo months of effort. With over 1 billion users, WhatsApp is the go-to messenger app and the announcement of ‘end-to-end encryption’ last year made it one of the more secure choices as well. A unique encryption key means no one but the intended receiver can unlock and read the message, not even WhatsApp itself. Meanwhile, the lesser known Telegram has been offering ‘Secret Chats’ that rely on a similar encryption key for several years.

What Went Wrong?

Unfortunately, in this case encryption created its own unique problem. Since the sender’s content was scrambled before upload, the app wasn’t always able to identify contaminated files. Hackers could conceal HTML code in a harmless-looking image and send it to an unsuspecting user. Opening the message in a web application would allow the malware to run immediately on the user’s browser, giving hackers access to the entire account: personal contacts, messages, images… everything.

Hadjizenonos has assured users that WhatsApp and Telegram both responded quickly and responsibly to Check Point’s warning. The input validation process has been improved to identify and block files containing malware on both web and mobile versions. As always, it’s important to download the latest updates immediately, since these often contain fixes for weaknesses and vulnerabilities that have just been discovered.

What’s Different with Web Apps?

The larger lesson is that the mobile versions of WhatsApp and Telegram are more secure than the web-based versions. Web apps use JavaScript which will input new code and overwrite functionality immediately. Mobile apps don’t support this ‘just-in-time’ compiling; changes much be downloaded and configured before installation. This means users are better protected from the type of vulnerability spotted by Check Point.

Although this particular risk has been eliminated, it won’t prevent hackers from discovering a new access point in the future. If your WhatsApp account contains data that could hurt you if it were made public, it’s best to avoid messaging on the web. Stick to mobile, where there’s an extra layer of security.

Guidelines for the online reputation of teachers on social media

via GIPHY

There truly is no privacy for anyone on the internet. But some people have to be a lot more careful than others when it comes to posting online bits and pieces of their lives. Their job depends on it. Among the jobs whose professionals are not within the category of celebrities, teaching is one of the most sensitive ones to captious interpretations about the contents that are shared on the web.

In a short time, cases have surfaced such as that of an elementary school English teacher who lost her job after a video that showed her twerking went viral. Or another teacher in England who was fired after parents found photos of her in her other job: a lingerie model.

Online reputation specialists believe that schools and universities should develop guidelines to behave on social networks, aimed at their employees. This is not common in educational institutions or many other companies and organizations.

Said guidelines would be a good tool for two reasons: The first one would be to start a reflection within the organization about how personal behavior on social networks can affect people as professionals and the institution where they work, and the second one would be to keep professionals from saying that they haven’t seen any rules or recommendations about this subject. These measures should protect the reputation of the educational institution or company.

The only thing that exists today is the recommendation of acting with common sense and prudence. Some of the cases that have been recorded of teachers getting fired, such as the ones we mentioned before, wouldn’t be real reasons to fire someone from teaching.

Teachers should be aware of the fact that, within their community, they are public characters. A teacher should be judged by the work he or she does in the institution, as long, obviously, as they don’t commit illegal activities on social networks such as, for instance, making xenophobic or racist comments.

With that being said, let’s take a look at some handy recommendations for teachers to behave on social networks.

Image courtesy of Berkeley Lab at Flickr.com
Image courtesy of Berkeley Lab at Flickr.com
  1. Be informed about the guidelines or recommendations in your school or workplace’s social media. The responsibility of the person who publishes the content will always be heavier than that of the readers, so teachers must be very aware because their reputation is closely related to their role as educators.
  1. Don’t have your students as friends or followers on your social networking profiles. There are social networks where teachers can avoid being contacted by students -such as Facebook, where this prevention is recommended- and other ones where it’s more complicated such as Twitter or Instagram, particularly if students use aliases that have nothing to do with their real names. An option is to self-impose the rule of only accepting former students into your virtual circles.
  1. Be careful when it comes to choosing your profile image. It’s not convenient, for instance, to show photographs in which you are consuming alcohol -or drugs, clearly- or making gestures that can be interpreted as obscene or in bad taste.
  1. It’s not necessary to tell people the name of your school, university or workplace. It’s enough to use a more neutral phrase to talk about your job, such as “primary school teacher in New York”. It’s not convenient to mention your school in your social network comments either.
  1. Don’t geolocate your activities on social networks when you’re at school. That would make it easier for your students to find your account.
  1. Keep your Instagram account private and don’t even think about trusting Snapchat. Remember that even though Snapchat posts disappear after a short time, it’s always possible to take a screenshot or a photograph with another device for as long as the image is displayed.
  1. Don’t complain about your job in your social networking accounts and don’t criticize your students. Keep your thoughts for your private circles outside of the online environment.
  1. Never share photos of your students in your social networks. The right to privacy of minors is one of the few regulated aspects, and in some cases, those regulations are strictly enforced. Each parent has their own ideas about the convenience -or inconvenience- of their kids appearing on photographs that are posted on the internet. It’s better to avoid confusions.

At the end of the day, both teachers and professional workers of other environments, and grownups in general should be aware of the fact that the freedom of posting on social media is also an exercise of responsibility. Any person that requires their name to be visible as part of their job whether they be a teacher, a manager, a principal, an independent worker, a doctor or a salesman, should know that their students or their customers will want to know who they are and they will Google them, for sure, sooner or later.