Symantec knows what it's saying. We trust the software company when it warns us about whatever fake apps are out there. The last time we featured a warning was January last year, when we were told about a fake Uber app stealing user and credit card info. This week, we're learning about a flaw in media file transfer that's been affecting Telegram and WhatsApp for Android. These apps are in danger of being exposed, thanks to a malicious security threat.
Media File Jacking is a security flaw that affects WhatsApp and Telegram. On Telegram it only applies when certain features are enabled, but on WhatsApp for Android it applies by default. There is usually a lapse in time between when media files are received and written to the disk and when they are loaded in the chat UI for users.
During that window, a malicious actor can get in and manipulate the media files. The big problem starts if the security flaw is exploited. Sensitive information, from photos and videos to voice memos, invoices, and corporate documents, can be misused and manipulated.
An attacker can also take advantage of the communication between a sender and a receiver who are talking through instant messaging apps. The danger is when the sender requests something above and beyond what is usually asked. IM apps are not always immune to security threats. They can still be bypassed by genius hackers who want nothing but to do damage to the tech industry.
End-to-end encryption helps, but Media File Jacking can still be dangerous because encryption protects content in transit, not files once they sit in storage on the device. The problem lies at the app level, as vulnerabilities always exist within the code. Media files can be manipulated, which may in turn lead to a bigger problem.
This vulnerability allows image manipulation. By this, we mean the attacker can replace the user's photos with something else, or maybe even extort or frame targets, as Symantec describes. Payment manipulation can also happen, as well as audio message spoofing and fake news. Symantec recommends the following: validating the integrity of files, using internal storage, and encryption. Hopefully, with Android Q, changes will be made to the way apps access media files, especially those saved on external storage.
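
One way to apply the "validate the integrity of files" recommendation, shown as an added example that is not code from Symantec, WhatsApp or Telegram: record a SHA-256 hash of each media file when it is received, keep that record in app-private storage, and compare it against the bytes about to be shown in the chat UI. The class, function and directory names and the sample file contents are constructed for illustration; the two temporary directories stand in for internal and external storage.

```python
import hashlib
import json
import tempfile
from pathlib import Path


class MediaIntegrityStore:
    """Hash each received media file; verify it again before display.
    Assumption: private_dir stands in for app-internal storage that other apps
    cannot write to; shared_dir stands in for shared external storage."""

    def __init__(self, private_dir: Path, shared_dir: Path):
        self.index_path = private_dir / "media_hashes.json"
        self.shared_dir = shared_dir

    def _index(self) -> dict:
        return json.loads(self.index_path.read_text()) if self.index_path.exists() else {}

    def save_received(self, name: str, data: bytes) -> Path:
        # Hash the bytes as received, before they are written to shared storage.
        index = self._index()
        index[name] = hashlib.sha256(data).hexdigest()
        self.index_path.write_text(json.dumps(index))
        target = self.shared_dir / name
        target.write_bytes(data)
        return target

    def load_for_display(self, name: str) -> bytes:
        # Hash the exact bytes about to be rendered; reject unknown or changed files.
        data = (self.shared_dir / name).read_bytes()
        expected = self._index().get(name)
        if expected is None or hashlib.sha256(data).hexdigest() != expected:
            raise ValueError(f"integrity check failed for {name}")
        return data


def demo():
    """Return (clean_file_loaded, tampered_file_rejected) on constructed data."""
    original = b"constructed sample invoice: pay account 1111"
    with tempfile.TemporaryDirectory() as priv, tempfile.TemporaryDirectory() as shared:
        store = MediaIntegrityStore(Path(priv), Path(shared))
        path = store.save_received("invoice.pdf", original)
        clean_ok = store.load_for_display("invoice.pdf") == original
        # Constructed tampering: the file changes after write, before display.
        path.write_bytes(b"constructed sample invoice: pay account 9999")
        try:
            store.load_for_display("invoice.pdf")
        except ValueError:
            return clean_ok, True
        return clean_ok, False
```

The check only holds if the hash record lives where other apps cannot write and the bytes that are rendered are the same bytes that were hashed, which is why `load_for_display` reads the file once and returns that buffer.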