WhatsApp and Telegram media files are vulnerable to hackers who could manipulate the media files received on these messaging platforms, according to cyber-security firm Symantec. Researchers from the firm disclosed the flaws to WhatsApp and Telegram as well. The ‘Media File Jacking’ flaw could allow potential hackers to alter images and audio files.
Media File Jacking on WhatsApp, Telegram: What’s the danger?
The security flaw, dubbed “Media File Jacking” by Symantec, affects WhatsApp for Android by default, and Telegram for Android if the ‘Save to Gallery’ feature is enabled. An attacker could manipulate information such as photos, videos, documents, invoices and even voice memos by accessing these files as they are shared and received by these apps. However, all of this would depend on whether malware was already installed on the user’s smartphone.
In a Media File Jacking attack, a malicious app installed on a user’s device could change numbers in a photo of an invoice to scam victims into giving money to the wrong person. Attackers could also modify personal photos received on these platforms, spoof audio messages or spread fake news by accessing and modifying the media files.
Symantec’s researchers created malware and tested it by manipulating image and audio files sent through WhatsApp and Telegram. In a demo clip shared by the security firm, a person sent a photo of two friends, but the recipient’s device, which had the malware installed, received an image in which the two faces were replaced with that of actor Nicolas Cage.
“A WhatsApp user may send a family photo to one of their contacts, but what the recipient sees is actually a modified photo. While this attack may seem trivial and just a nuisance, it shows the feasibility of manipulating images on the fly,” said the security firm.
So how is the Media File Jacking attack carried out?
According to Symantec, the attack is possible because of the time lapse between when a media file is received via the app and written to disk and when it is loaded in the chat interface. Malicious actors could exploit this gap to intervene and manipulate media files without the user’s knowledge, says Symantec.
While the end-to-end encryption protects messages from surveillance and keeps the conversation on the platform hidden even from the companies themselves, it does not make these apps foolproof.
According to the security firm, when files are stored on external storage on Android, which is what WhatsApp uses by default and Telegram uses when the user enables the ‘Save to Gallery’ feature, other apps can access these files, and if malware is present it can manipulate them.
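One way a receiving app could detect a file that changed in the gap between being written to shared storage and being loaded in the chat view is to record a digest in its private storage at write time and re-check it before display. The Python below is an added example, not code from Symantec, WhatsApp or Telegram; the MediaStore class, the two directories standing in for Android shared and private storage, and the sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile


class MediaStore:
    """Hypothetical receiver-side store: media goes to shared storage,
    its SHA-256 digest goes to app-private storage at write time."""

    def __init__(self, shared_dir, private_dir):
        self.shared_dir = shared_dir      # stands in for external storage other apps can reach
        self.private_dir = private_dir    # stands in for the app's private data directory

    def _digest_path(self, name):
        return os.path.join(self.private_dir, name + ".sha256")

    def save_received(self, name, data):
        """Record the digest of the received bytes, then write the file."""
        with open(self._digest_path(name), "w") as f:
            f.write(hashlib.sha256(data).hexdigest())
        path = os.path.join(self.shared_dir, name)
        with open(path, "wb") as f:
            f.write(data)
        return path

    def load_for_display(self, name):
        """Hash the bytes that will be rendered; refuse them on mismatch.
        The same in-memory bytes are returned, so nothing is re-read after the check."""
        with open(self._digest_path(name)) as f:
            expected = f.read().strip()
        with open(os.path.join(self.shared_dir, name), "rb") as f:
            data = f.read()
        if hashlib.sha256(data).hexdigest() != expected:
            raise ValueError(f"{name}: modified after receipt, not displaying")
        return data


def demo():
    """Constructed scenario: the shared file is rewritten after it was received."""
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        store = MediaStore(shared, private)
        path = store.save_received("invoice.jpg", b"constructed sample: pay account 1111")
        untouched = store.load_for_display("invoice.jpg")
        with open(path, "wb") as f:  # simulated change made by another app
            f.write(b"constructed sample: pay account 9999")
        try:
            store.load_for_display("invoice.jpg")
            return untouched, False
        except ValueError:
            return untouched, True
```

The check only helps because the digest lives where other apps cannot write; keeping the media itself in private storage removes the exposure altogether.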