Known as “Media File Jacking”, the vulnerability is present on both Telegram and WhatsApp apps on Android. When WhatsApp or Telegram store data externally, attackers have a window of opportunity to replace the original media files with malicious ones, even changing thumbnail preview of the file with a modified version.
Users expect messages inside WhatsApp and Telegram to be end-to-end encrypted but previous flaws have allowed hackers to manipulate messages before they’re delivered. Another vulnerability has now been spotted on WhatsApp and Telegram which showed flaws that could allow attackers to alter media files that are being shared by the two platforms.
Researchers from Symantec have now explained how attackers use malicious code to modify media files shared between users and replace with infected files before the recipient opens them. Known as “Media File Jacking”, the vulnerability is present on both Telegram and WhatsApp apps on Android. This is possible because Android apps have two options to store their data - internally and externally.
While data stored in the internal memory can only be accessed by the app itself, it’s not the same case with data stored in external cards. The report says that when WhatsApp or Telegram stores data externally, attackers have a window of opportunity to replace the original media files with malicious ones.
Symantec officials explained “Think of it like a race between the attacker and the app loading the files. If the attacker gets to the files first – this can happen almost in real time if the malware monitors the public directories for changes – recipients will see the manipulated files before ever seeing the originals”.
What’s even more interesting is that the thumbnail preview of the image or the file shared will also now show the altered version of the file. This means recipients will have no knowledge that the files were modified in the first place, thus giving the hack some more credibility.
The report also entails that the attack can be launched from the sender or recipient’s phone, even if they’re sure about the lack of any malicious apps on their phone. It says that in addition to altering images, the hack can also be used to spoof audio messages and manipulate payment modes.
While Telegram hasn’t spoken a word on the issue, WhatsApp has given a statement saying “WhatsApp has looked closely at this issue and it’s similar to previous questions about mobile device storage impacting the app ecosystem. WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development”.
Before WhatsApp rolls out a fix to the problem, you can safeguard your device from the hack by heading over to WhatsApp > Settings > Chats and switching off “Media Visibility”. On telegram, the same can be done by toggling off “Save to Gallery”.
You might like this