Posted on July 16, 2019 at 11:20 AM
Android is one of the most popular smartphone operating systems around the world, but it is also extremely vulnerable, with new flaws emerging almost on a daily basis. Now, the security company Symantec discovered another vulnerability that could allow hackers to potentially exploit messaging apps WhatsApp and Telegram.
Media files sent via popular messaging apps in danger of manipulation
Messaging apps are quite well-known for their privacy features, especially when it comes to end-to-end encryption. There is nothing hackers can do to break the encryption and intercept messages or media files that are being sent from one user to another. However, once the files are received, they get stored on the phone, and that is when they become vulnerable and susceptible to manipulation.
Symantec explained this in their new blog post, published on Monday, July 15th. The firm stated that the issue lies in the fact that messaging apps save media files automatically, whether in the phone’s own gallery, or external storages. WhatsApp does it by default, while Telegram does not, but it does allow users to set the feature manually.
If the user’s device happens to be infected by malicious software when they start receiving media files via messaging apps, the malware might alter the phone’s external storage. It could even allow hackers to intercept media files and alter them altogether. Symantec came up with the name for this type of attack, calling it Media File Jacking.
The company claims that the threat is larger than it might seem at first, as it clearly demonstrates the hackers’ ability to edit and manipulate images and other files ‘on the fly.’ It might even be possible for attackers to alter voice notes or even payments. For example, they could manipulate an invoice that a vendor sends to their customer. If they manage to intercept the message, hackers might choose to alter the account details and have the customer send their payment to an illegitimate account, owned by the hackers. In other words, hackers could potentially alter outgoing messages as well.
Now, this is not exactly a new issue. It comes as a trade-off between accessibility and privacy on Android. Further, by using an external storage setting — which is something that many tend to do for convenience — data tends to flow more freely.
With Telegram, hackers can get even more creative with different methods of impacting and confusing the app’s users. For example, they might use the same flaw for propagating misinformation through the use of Telegram channels. This feature is typically used for broadcasting messages to larger numbers of the app’s users. Researchers have not stated that the flaw was misused in such a way as of yet, but they still made speculations and came to a conclusion that it might be possible.
WhatsApp cannot change things without limiting its app
Symantec also used the opportunity to make several recommendations regarding what WhatsApp and Telegram could do to resolve the problem. One recommendation is for the apps to change the file validation and storage, in order to patch up the flaw. So far, the spokeswoman for WhatsApp responded by saying that the app’s team has looked into the issue.
Their research found that the newly reported problem is similar to previous issues in regards to mobile device storage that might impact WhatsApp’s ecosystem. According to the spokeswoman, the company currently follows the best existing practices that are provided by operating systems for media storage. Further updates will arrive in line with Android’s own continuous development. As for the suggested changes, the spokeswoman pointed out that applying them might result in privacy complications, and limit the possibilities when it comes to methods of sharing files.
It would appear that WhatsApp did not find any evidence of the hackers using the exploit. As for Telegram, the company did not respond at all at the time of writing.
Still, there are some conclusions that could be drawn from WhatsApp spokeswoman’s statement, such as the fact that the company apparently knew about similar vulnerabilities in the past. If the firm is unwilling to make the changes Symantec had recommended, the security company urges the users to disable their apps from saving files to external storages. WhatsApp allows users to do this in the Settings, where the user can proceed to Chats, and then to Media Visibility. However, WhatsApp spokesperson responded by saying that this will help with organizing media — not with preventing file storing in external storages. It is easier to do this in Telegram, simply by going to Settings/Chat Settings/ Save to Gallery.