Instant messaging apps like WhatsApp and Telegram keep your messages encrypted in transit, but once a media file reaches your phone, the same cannot be guaranteed.
Researchers from Symantec have demonstrated how a vulnerability in WhatsApp and Telegram can be exploited by hackers to hijack the media files that are sent through these services.
How does it work?
This flaw, also known as Media File Jacking, arises from the time lapse between when media files received through WhatsApp or Telegram are written to the disk and when they are loaded onto the app’s chat interface.
The time taken between receiving a photo and storing it in memory is crucial because it can allow hackers to manipulate those media files without the user’s knowledge.
On Android, instant messaging apps can choose to save media files (images and audio) in either internal storage or external storage. If the file is saved in internal storage, it’s accessible only through the app.
WhatsApp, by default, stores media in external storage, whereas Telegram does so only if the app’s “Save to Gallery” feature is enabled.
Once the media file is sent, hackers can intervene and tamper with the file. For instance, they can get hold of an invoice and scam the victim into sending money into the wrong account.
Another demo clip shows a person sending a picture of two friends; on the recipient’s device, the picture was replaced with one in which the face of the actor Nicolas Cage covers their faces.
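On the app side, the gap described above can be closed by recording a digest of each file in app-private storage when it is received and checking it again before display. The sketch below is an added example, not code from WhatsApp, Telegram or Symantec; `MediaStore`, the file names and the sample invoice bytes are constructed for illustration, with temporary directories standing in for Android external and internal storage.

```python
import hashlib
import tempfile
from pathlib import Path


class MediaStore:
    """Constructed model: shared_dir plays external storage, private_dir internal storage."""

    def __init__(self, shared_dir: Path, private_dir: Path):
        self.shared_dir = shared_dir    # other apps can write here in this model
        self.private_dir = private_dir  # only the messaging app can read or write here

    def _digest_path(self, name: str) -> Path:
        return self.private_dir / (name + ".sha256")

    def save_received(self, name: str, data: bytes) -> Path:
        """Record the SHA-256 of the received bytes privately, then write the file."""
        self._digest_path(name).write_text(hashlib.sha256(data).hexdigest())
        path = self.shared_dir / name
        path.write_bytes(data)
        return path

    def load_for_display(self, name: str) -> bytes:
        """Re-read the file; refuse to render it if it changed since it was received."""
        data = (self.shared_dir / name).read_bytes()
        if hashlib.sha256(data).hexdigest() != self._digest_path(name).read_text():
            raise ValueError(f"{name}: modified after it was received")
        return data  # render these verified bytes; do not read the file a second time


def demo() -> tuple:
    """Return (untouched file accepted, modified file rejected)."""
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        store = MediaStore(Path(shared), Path(private))
        invoice = b"constructed sample invoice: pay account 1111"
        path = store.save_received("invoice.pdf", invoice)
        accepted = store.load_for_display("invoice.pdf") == invoice
        # Stand-in for another app rewriting the file before the chat UI loads it.
        path.write_bytes(b"constructed sample invoice: pay account 9999")
        try:
            store.load_for_display("invoice.pdf")
            rejected = False
        except ValueError:
            rejected = True
        return accepted, rejected


if __name__ == "__main__":
    print(demo())
```

The check only helps because the digest lives where other apps cannot write; a digest kept next to the file in shared storage could be replaced along with it.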
How to protect yourself?
If you use WhatsApp or Telegram, you can protect your account from getting hacked by changing these settings:
- On WhatsApp, visit Settings and turn off “Media Visibility”
- On Telegram, just turn off “Save to Gallery”