Cybersecurity researchers have discovered a flaw in WhatsApp and Telegram for Android that allows cybercriminals to modify or replace media files in external storage before they reach the intended recipient.
According to Symantec, the new security flaw which is dubbed 'Media File Jacking' affects WhatsApp for Android by default and Telegram for Android by default. The new flaw exposes media files and sensitive information on both messaging platforms which could be manipulated by malicious actors.
The Media File Jacking security flaw "stems from the lapse in between when media files received through the apps are written to the disk, and when they are loaded in the apps' chat user interface (UI) for users to consume," the Symantec blog read.
The time-lapse gives the opportunity for cybercriminals to intervene and manipulate media files and other sensitive documents without the users knowledge
"This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user's knowledge. If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or to wreck havoc," the blog report added.
Also Read: Chinese Boy Who Sold His Kidney To Buy An iPhone Now Disabled For Life
Though WhatsApp and Telegram supports end-to-end encryption for voice calls and chats,`the security researcher revealed that attackers may however, be able to successfully manipulate media files by taking advantage of logical flaws in the apps that occur before and/ or after the content is encrypted in transit.
While files saved on internal storage can only be accessed by either WhatsApp or Telegram,the findings revealed that files saved to external storage are word-readable/ writable and could be modified by other apps.
WhatApp and Telegram Android users can mitigate the risk by disabling the feature that saves media files to external storage. Following the below procedures to disable media from saving to external storage.
For WhatsApp, go to Settings > Chats > Media Visibility. For Telegram, go to Settings > Chat Settings > Save to Gallery and then turn of the feature.