Your Whatsapp Images, Videos Can Be Hacked To Gain Control Over Your Phone: How To Avoid This?

WhatsApp and Telegram have become the two most popular instant online messaging these days. With their easy to share photos, documents, contacts and location, along with their end to end encryption, WhatsApp and Telegram have become successful in holding their popularity among its users. 

However, Symantec recently conducted a research which showed that apps like WhatsApp and Telegram and the media files saved on smartphones would easily fall prey to malicious programs into modifying them even before the users get to the original documents.

It also believes that there’s a possibility of a new security flaw known as Media File Jacking. Symantec, the cyber security company also noted that this affects WhatsApp for Android by default. Telegram is affected  only if certain features are enabled.

How Can You Be at Risk?

According to the researchers at Semantic, WhatsApp saves files to external storage automatically, while Telegram does so when the “Save to Gallery” feature is enabled. However, neither apps have any provision of protecting users from such Media File Jacking attack.

An attacker could manipulate information such as photos, videos, documents, invoices and even voice memos by accessing these files as they are shared on these apps. The malicious app installed on a user’s device could change numbers in a photo of an invoice to scam victims into giving money to the wrong person. 

“Media File Jacking” flaw occurs due to the slightest delay between the time when these apps actually receive the files and when the files are loaded in the chat interface of the apps so that users can see these files. This delay gives an opportunity to the hackers to “intervene and manipulate media files”. Given the perception that new instant messaging apps are safe, this flaw is quite problematic.

Symantec explained that technology such as end to end encryption is effective only if such app-level problems are not present. This manipulation can also happen befor Whatsapp or Telegram encrypt the file. 

The Possible Solution

The report noted that developers should validate the integrity of files, or keep them in the internal storage and encryption for the media files as well. The problem happens when the app stores the media files in the external storage. 

In addition, the upcoming “Scoped Storage” feature in Android Q will also help prevent such attacks.  In May this year, it was reported that a WhatsApp flaw allowed hackers to install spyware on a device with just a simple phone call. Back in 2017, Telegram was found to have a flaw that could let hackers take over accounts.