A new report has surfaced online indicating that all the media files that you receive on WhatsApp or Telegram are not safe. The report clarified that it is not that these files are at risk while the transfer happens. Instead, hackers can affect the files after they reach your device. It went on to add that this is possible by a new security flaw known as Media File Jacking flaw. Symantec, the cybersecurity company behind the report noted that this “affects WhatsApp for Android by default”. Telegram for Android is also affected “if certain features are enabled”.
WhatsApp Telegram hack: Cause of “Media File Jacking”
Alon Gat, the Software engineer who wrote this report went on to explain the reason behind this flaw. Gat said that the “Media File Jacking flaw” happens because of the slight delay. He is referring to the delay between the time when these apps actually receive the files and the time when they write the media files to the disk, and the time when the files are loaded in the chat interface of the apps so that users can see these files. This delay gives an opportunity to the hackers to “intervene and manipulate media files”.
The report went on to add that hackers can manipulate personal and/or sensitive data including photos, videos, sensitive documents, invoices, and voice memos. Given the perception that new instant messaging apps are safe, this flaw is quite problematic. It is referring to the general belief that WhatsApp and Telegram are private and secure because of end-to-end encryption. The cybersecurity giant noted that “no code is immune to security vulnerabilities”.
Symantec explained that technology such as end-to-end encryption is effective only if such app-level problems are not present. Problems like “media file jacking” highlight that strong security measures in the middle are not enough. This manipulation can also happen before WhatsApp or Telegram encrypt the file. This is in addition to the above-mentioned possibility of manipulation after the user has received it. The report goes on to cover the technical details about how a hacker can exploit it and the complete impact. This attack is similar to the “Man-in-the-Disk” attack from last year.
Protecting against such problems
The report noted that developers should validate the integrity of files, or keep them in the internal storage. The problem happens when the app stores the media files in the external storage. In addition, the upcoming “Scoped Storage” feature in Android Q will also help prevent such attacks. Symantec noted that it has already notified Telegram and Facebook about the flaw.
