If you are under the impression that the media files you receive in your end-to-end encrypted messaging app are secure, then you are wrong. Security researchers at Symantec yesterday revealed several attack scenarios against the Telegram and WhatsApp apps.
This is “Media File Jacking”, and it relies on the fact that any app installed on your device can access and rewrite media files. WhatsApp stores media files in external storage, which makes it vulnerable.
Attackers can Manipulate Media files
Media files kept in external storage are exposed to every Android app installed on your device. This seriously jeopardizes your privacy. The attack is a type of trojan horse. First, an app is installed on your device. Then the hacker can manipulate media files that are stored on your phone without your knowledge.
Attackers can manipulate media files, which leads to the following scenarios:
1.) Image manipulation: The title says it all. The app runs in the background and can manipulate any media file stored on your phone.
2.) Payment manipulation: Hackers can manipulate an invoice sent by a vendor and trick customers into making a payment into the attacker’s account.
3.) Audio message spoofing: Hackers can use voice reconstruction to change an original audio message for their personal gain or to wreak havoc.
4.) Spread fake news: Telegram has a feature of creating channels. Attackers can then broadcast fake messages to your subscribers.
All these happen via a trusted app that uses end-to-end encryption.
How to Prevent Hackers from Hijacking your media files?
Symantec has already notified Telegram and WhatsApp about the issues. Google will fix this in its upcoming Android Q update, which provides a new privacy feature called Scoped Storage. Each app will be given an isolated storage sandbox that no other app can access.
Until then, to limit the risk of such an attack, you can do the following:
- WhatsApp: Settings → Chats → Turn the toggle off for ‘Media Visibility.’
- Telegram: Settings → Chat Settings → Disable the toggle for ‘Save to Gallery’
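
The tampering described above happens after the messaging app has written a file to shared storage and before it is shown to you, so a check that would catch it is to record a digest of each file when it is received and compare it before display. The sketch below is an added example, not code from Symantec, WhatsApp or Telegram; the class, function and file names are hypothetical, the sample data is constructed, and it assumes the digest log is kept in the app's private storage.

```python
import hashlib
import hmac
import os
import tempfile

def digest(path):
    """SHA-256 of the file as it currently exists on disk, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class MediaIntegrityLog:
    """Digests recorded at receipt. Assumption: this log lives in app-private
    storage, never beside the media files in shared storage."""
    def __init__(self):
        self._known = {}

    def record(self, path, received_bytes):
        # Hash the bytes held in memory at receipt, not what is read back later.
        self._known[os.path.abspath(path)] = hashlib.sha256(received_bytes).hexdigest()

    def check(self, path):
        """Return 'ok', 'modified', 'missing' or 'untracked' for a media file."""
        key = os.path.abspath(path)
        if key not in self._known:
            return "untracked"
        if not os.path.isfile(path):
            return "missing"
        same = hmac.compare_digest(self._known[key], digest(path))
        return "ok" if same else "modified"

def demo():
    """Constructed scenario: an invoice in a shared directory is rewritten."""
    log = MediaIntegrityLog()
    with tempfile.TemporaryDirectory() as shared:
        invoice = os.path.join(shared, "invoice.pdf")
        original = b"%PDF constructed sample: pay account 111-AAA"
        with open(invoice, "wb") as f:
            f.write(original)
        log.record(invoice, original)
        before = log.check(invoice)
        with open(invoice, "wb") as f:  # stands in for another app's rewrite
            f.write(b"%PDF constructed sample: pay account 999-ZZZ")
        after = log.check(invoice)
        os.remove(invoice)
        return before, after, log.check(invoice), log.check(os.path.join(shared, "x.jpg"))

if __name__ == "__main__":
    print(demo())
```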