Advertisment

Hackers can manipulate WhatsApp and Telegram Media Files

Whatsapp and Telegram despite having end-to-end encryption have a flaw dubbed as 'Media File Jacking' that can expose personal files to hackers.

author-image
CIOL Bureau
New Update
Hackers can Manipulate WhatsApp and Telegram Media Files

WhatsApp and Telegram both have end-to-end protection and encryption to keep your media files safe against hackers. Yet Symantec Research has found a flaw, dubbed “Media File Jacking”, that could expose your media files to hackers.

Advertisment

Symantec’s Modern OS Security team found the flaw can affect WhatsApp for Android by default, and Telegram for Android if certain features are enabled. If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or to wreak havoc.

By default, WhatsApp stores media files in external storage, in the following path: /storage/emulated/0/WhatsApp/Media/.

While Telegram, if a user enables the “Save to Gallery” feature, Telegram will similarly store files in: /storage/emulated/0/Telegram/.

Advertisment

Both are public directories. As file storage permission is very common among Android apps, users provide access without thinking about their privacy and malicious activities.

Hackers can Manipulate WhatsApp and Telegram Media Files

This can lead to image manipulation meaning a hacker can manipulate the image sent by a user to another one, even before he/she relieve. Also, payment manipulation and audio message spoofing can be done by any hacker. And how we can forget about the fake news which are very common nowadays over WhatsApp and other messenger apps.

Advertisment

How to protect against the threat?

Every app asks permission to store media files that you provide at that point of time but later on, also you can control the app activities.

WhatsApp: Settings -> Chats -> Media Visibility

Advertisment

Telegram: Settings -> Chat Settings -> Save to Gallery

whatsapp telegram symantec