When we think about WhatsApp or Telegram, we think of the end-to-end encryption that both instant messaging apps offer. We think of the rock-solid security that both feature. But what if we told you that they are not as safe as they sound? Research from the cybersecurity company Symantec revealed that vulnerabilities in these apps can allow hackers to manipulate the audio and image files a user receives on these platforms.

What is Media File Jacking?

Dubbed “Media File Jacking”, this security flaw affects the Android apps for WhatsApp and Telegram.

The researchers revealed that WhatsApp saves media files to external storage automatically, and Telegram does the same when the “Save to Gallery” feature is enabled. However, neither app protects users from a Media File Jacking attack that tampers with these media files once they are on external storage. The Modern OS Security team from Symantec explained the details and said hackers can exploit this vulnerability to steal user data and scam users in various ways.

Alon Gat, Software Engineer, and Yair Amit, Vice-President and Chief Technology Officer, Modern OS Security, Symantec, wrote, “If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos.”

The researchers said that an innocent-looking but malicious app can manipulate a user’s personal images in real time without the victim’s knowledge. This image manipulation was one example of how other media files can be accessed too.

These kinds of malicious apps perform the Media File Jacking attack in real time while the victim uses WhatsApp or Telegram. The attack monitors received photographs, identifies the faces in them, and replaces them with something else, such as objects or other faces.

The blog post by the team said, “A WhatsApp user may send a family photo to one of their contacts, but what the recipient sees is actually a modified photo. While this attack may seem trivial and just a nuisance, it shows the feasibility of manipulating images on the fly.”

Using this vulnerability, hackers can carry out payment manipulation, spread fake news, or perform audio message spoofing.
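The root of the problem described above is that a file written to shared external storage can be overwritten by any other app with storage permission before the messaging app displays it. The following Python simulation is an added example written for this article, not code from Symantec, WhatsApp or Telegram; it models the sequence the article describes from a defender's view: the receiving app records a digest of the file at the moment it is saved (standing in for app-private storage), another process overwrites the file in the shared directory, and an integrity check at display time catches the change. All function names and the file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def receive_media(external_dir, name, content):
    """Simulate the app saving a received media file to shared storage.

    The digest is returned to the caller, which keeps it where other apps
    cannot reach it (app-private storage in the real setting); only the file
    itself lands in the shared directory.
    """
    path = os.path.join(external_dir, name)
    with open(path, "wb") as f:
        f.write(content)
    return path, sha256_of(path)


def verify_before_display(path, recorded_digest):
    """Integrity check the app would run before showing the file to the user."""
    return sha256_of(path) == recorded_digest


def simulate_media_file_jacking():
    """Run the full sequence and report whether the tampering is detected."""
    with tempfile.TemporaryDirectory() as external_dir:  # stands in for /sdcard
        # Constructed content: an "invoice" arriving over the messaging app.
        path, digest = receive_media(
            external_dir, "invoice.png", b"constructed invoice: pay account A"
        )
        intact_before = verify_before_display(path, digest)

        # Constructed tampering: a second app with storage permission rewrites
        # the same file in the shared directory (nothing here touches a real app).
        with open(path, "wb") as f:
            f.write(b"constructed invoice: pay account B")
        intact_after = verify_before_display(path, digest)

        return {
            "intact_before_overwrite": intact_before,
            "intact_after_overwrite": intact_after,
        }


if __name__ == "__main__":
    print(simulate_media_file_jacking())
```

The check only helps if the digest lives somewhere the other app cannot write, and it closes the window only from the moment the digest is taken; a file that is overwritten between the write and the hash, which is the "real-time" case the article describes, would pass. Keeping the file itself in app-private storage removes the exposure entirely, which is what disabling Telegram's “Save to Gallery” achieves from the user's side.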

Gat and Amit wrote, “In one of the most damaging Media File Jacking attacks, a malicious actor can manipulate an invoice sent by a vendor to a customer, to trick the customer into making a payment to an illegitimate account.” They further added, “The Media File Jacking threat is especially concerning in light of the common perception that the new generation of IM (instant messaging) apps are immune to content manipulation and privacy risks, thanks to the utilization of security mechanisms like end-to-end encryption.”

What Should You Do?

Not long ago, in May, a bug was revealed in the audio call feature of WhatsApp that allowed hackers to install spyware on any iOS or Android device simply by calling the target. That vulnerability was identified and swiftly fixed by WhatsApp developers. We hope that the Facebook-owned messaging app takes Media File Jacking seriously and fixes the vulnerability soon.

As far as Telegram is concerned, we have to wait for its developers to release an update. For the time being, users can simply turn off the ‘Save to Gallery’ feature.