- The flaw could allow threat actors to manipulate and expose WhatsApp and Telegram media files.
- The flaw stems from how media files are stored on these messaging apps.
New research has revealed that WhatsApp and Telegram are impacted by a new flaw named ‘Media File Jacking’. The flaw could allow threat actors to manipulate and expose WhatsApp and Telegram media files.
What is the impact of the flaw?
Researchers from Symantec disclosed that the ‘Media File Jacking’ flaw in WhatsApp and Telegram could allow potential hackers to alter images and audio files. The flaw stems from how media files are stored on these messaging apps. It actually takes account of the time-lapse which occurs during the sending and receiving a message.
This critical time gap gives a malicious actor an ample amount of time to intervene and manipulate the media files without the user’s knowledge.
The misuse of the flaw can even allow an attacker to manipulate sensitive information such as personal photos, videos, corporate documents, invoices and voice memos.
“Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or to wreak havoc,” added the researchers.
On WhatsApp, files are stored externally by default, while on Telegram, the vulnerability is present if ‘Save to Gallery’ is enabled.
Addressing the flaw
Users using these apps are advised to change their setting for media storage. On WhatsApp, it can be done disabling the ‘Media Visibility’ feature. However, on Telegram, the issue can be addressed by disabling the ‘Save to Gallery’ feature.