WhatsApp and Telegram Security Flaw Can Make Hackers to Manipulate Media Files

Social messaging platforms such as WhatsApp and Telegram are said to be secure with their end-to-end (E2E) encryption which averts any malicious acts, but they may not be that safe after all, as a new report from Symantec suggests that these instant messaging apps aren't as safe as you might think they are as hackers can manipulate the media files after you receive them on your smartphones via a security flaw.

The flaw also called as "Media File Jacking" could lead to malicious actors to intervene and manipulate media files after they reach your smartphones, thus allowing hackers to take advantage of the two platforms. About the flaw, a software engineer Alon Gat explained it as, Android smartphones can store data in two locations - internal and external. While the internal storage is safe as it can be accessed only by the app, the external storage isn't as safe as it is saved to a public directory and can be modified by other apps or users.

There is a time lag between when the media files are received and written to the disk and when they are loaded in the app for consumption by the user.

During this time lag, malicious hackers can install their malware that would allow them to manipulate the received media files or even replace them with the media files of their choice.

Symantec has already notified Telegram and Facebook about the media file jacking vulnerability. And while they are working on fixing this flaw, users on their end can take some precautions to mitigate the effects of this flaw. While WhatsApp users can toggle the Media Visibility option in the Chat settings such that the new media files that they receive are not by default saved into their phone's gallery, Telegram users can toggle Save to Gallery option in Chat Settings for the same.