WhatsApp and Telegram are known for end-to-end encryption of messages. But today security researchers at Symantec disclosed a serious bug in WhatsApp and Telegram, which Symantec has coined “Media File Jacking”. The bug allows attackers to manipulate the files transferred between users.
Android apps can save files in internal or external storage. Files saved internally are private to the app and cannot be accessed by other apps. Files stored in external storage, however, can easily be accessed by other apps as well. WhatsApp stores media in external storage by default, and Telegram does so when the app’s “Save to Gallery” feature is enabled.
As per the post, “it stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume. This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge. If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos.”
According to the researchers, if a user has a malware app installed on the phone and receives a photo, the attacker can manipulate the image or audio file without the receiver ever noticing.
Symantec’s researchers demonstrated the bug with a series of examples. In one scenario, malware manipulated personal photos in near real time without the victim knowing: the app runs in the background and performs a Media File Jacking attack while the victim uses WhatsApp.
In another case, a Media File Jacking attack manipulated an invoice sent by a vendor to a customer, to trick the customer into making a payment to an illegitimate account.
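As an added illustration (not code from Symantec, WhatsApp or Telegram), the following Python sketch shows the mitigation the write-to-load gap calls for: record a digest of the received bytes in app-private storage at write time and re-verify it when the file is loaded for display, so a file rewritten in shared storage in between is rejected instead of shown. The storage directories, file name and invoice text are constructed for this demo.

```python
import hashlib
import os
import tempfile

# Simulated storage roots (constructed for the demo): "internal" stands for
# app-private storage, "external" for the shared storage other apps can write.
ROOT = tempfile.mkdtemp(prefix="mfj_demo_")
INTERNAL = os.path.join(ROOT, "internal")
EXTERNAL = os.path.join(ROOT, "external")
os.makedirs(INTERNAL)
os.makedirs(EXTERNAL)


def receive_media(name: str, data: bytes) -> str:
    """Write a received attachment to external storage, and keep its SHA-256
    in app-private storage so the original bytes can be recognised later."""
    external_path = os.path.join(EXTERNAL, name)
    with open(external_path, "wb") as f:
        f.write(data)
    digest = hashlib.sha256(data).hexdigest()
    with open(os.path.join(INTERNAL, name + ".sha256"), "w") as f:
        f.write(digest)
    return external_path


def load_media(name: str) -> bytes:
    """Re-read the file from external storage at display time and check it
    against the digest recorded at receipt; raise if it changed in between."""
    with open(os.path.join(EXTERNAL, name), "rb") as f:
        data = f.read()
    with open(os.path.join(INTERNAL, name + ".sha256")) as f:
        expected = f.read().strip()
    if hashlib.sha256(data).hexdigest() != expected:
        raise ValueError(f"{name}: content changed between receipt and display")
    return data


def demo() -> tuple:
    """Return (untouched_file_loads, tampered_file_detected)."""
    original = b"Invoice 42: pay 1200 EUR to account ORIGINAL-0001"
    receive_media("invoice.txt", original)
    untouched_ok = load_media("invoice.txt") == original
    # Simulate another app rewriting the shared file before the chat UI loads it.
    with open(os.path.join(EXTERNAL, "invoice.txt"), "wb") as f:
        f.write(b"Invoice 42: pay 1200 EUR to account ROGUE-9999")
    try:
        load_media("invoice.txt")
        tampering_detected = False
    except ValueError:
        tampering_detected = True
    return untouched_ok, tampering_detected
```

Running `demo()` returns `(True, True)`: the untouched file loads, and the rewritten one is refused rather than rendered.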