Whereas they’re recognized for strongly encrypting messages in transit, apps like WhatsApp and Telegram might not all the time be capable of maintaining information secure after they’re in your phone. At this time, researchers from Symantec clarify how hackers may use a malicious app to alter media files despatched via the providers subtly.
On Android, apps can select to save lots of media, like photographs and audio information, via both internal storage that’s solely accessible by the app or exterior storage which is extra broadly obtainable to different apps. WhatsApp, by default, shops media by exterior storage, and Telegram does so when the app’s “Save to Gallery” characteristic is enabled.
In accordance with the researchers, the design means malware with exterior storage entry might be used to entry WhatsApp and Telegram media information, perhaps even earlier than the person sees them. If a consumer downloads a malicious app, for instance, after which receives a photograph on WhatsApp, a hacker might manipulate the picture without the receiver ever noticing. A hacker might theoretically alter an outgoing multimedia message as effectively.
The researchers name the assault “Media File Jacking.” In some ways, it’s an identified problem and a trade-off between privateness and accessibility for messaging apps on Android. By utilizing the exterior storage setting, which is broadly used, apps are extra appropriate with others, permitting footage and different knowledge to maneuver more freely. However, that comes with a price: last year, and researchers identified similar issues.
Telegram didn’t instantly reply to a request for remark. A WhatsApp spokesperson stated altering its storage system would restrict the service’s skill to share media files, and even introduce new privacy points. “WhatsApp has appeared intently at this concern, and it’s much like earlier questions on mobile device storage impacting the app ecosystem,” the spokesperson stated in an announcement. “WhatsApp follows present finest practices offered by working methods for media storage and appears ahead to offering updates in keeping with Android’s ongoing growth.”