WhatsApp and Telegram boast of end-to-end encryption. However, the latest exploit discovered by cyber-security company Symantec grants access to personal, private and confidential media. The latest security vulnerability exposes all types of content that are sent and received on these two popular instant messaging platforms. The flaw is particularly concerning because WhatsApp, which is owned by Facebook, and Telegram continue to amass millions of daily users. Furthermore, the flaw lies in how the apps receive and store media, which is inherent to their processing architecture.

Cyber-security company Symantec has proof of a new exploit that can potentially expose WhatsApp and Telegram media files. The company has been referring to the security flaw as Media File Jacking. The exploit remains unpatched. Although the hack isn’t easy to deploy, it has the ability to expose all the media that is exchanged on WhatsApp and Telegram. In simple words, no data, be it personal photos or corporate documents, is safe. Using the exploit, hackers can not only access all the media content but also potentially manipulate it. Needless to add, this poses a severe security risk to the users of the two most popular internet-dependent instant messaging platforms. What makes the exploit even more threatening is the strong perception among users that security mechanisms like end-to-end encryption render this new generation of IM apps immune to privacy risks.

What Is The Exploit Threatening User Content Of WhatsApp and Telegram And How Does It Work?

Symantec is calling the latest exploit that potentially exposes WhatsApp and Telegram media content, ‘Media File Jacking’. Essentially, the hack relies on a rather old and inherent process that handles media which is received by the apps. The process is not only responsible for receiving the media but writing the same to the removable flash memory of the devices on which WhatsApp or Telegram is installed.

The exploit relies on the time lapse between when media files received through the apps are written to a disk and when they are loaded in an app’s chat user interface. In other words, there are three different processes that take place. The first process receives the media, the second stores it, and the third loads the media onto the instant messaging chat platform for consumption. Although all these processes happen very quickly, they take place sequentially, and the exploit essentially intervenes, interrupts and executes itself between them. Hence, the media that is displayed within the chat platforms might not be authentic if intercepted by the ‘Media File Jacking’ exploit.
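The gap between the write and the load can be closed by the receiving app itself. The following is an added example, not code from Symantec, WhatsApp or Telegram: a hypothetical MediaStore class records a digest of the bytes as received (kept in memory here, standing in for app-private storage) and checks the on-disk file against it before the chat interface uses it. All names and sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile


class MediaStore:
    """Hypothetical receiver-side store: media files go to a shared directory,
    digests stay in memory (standing in for app-private storage)."""

    def __init__(self, shared_dir):
        self.shared_dir = shared_dir
        self._digests = {}  # file name -> SHA-256 of the bytes as received

    def receive(self, name, data):
        # Steps 1 and 2 from the text: receive the media, then write it out.
        self._digests[name] = hashlib.sha256(data).hexdigest()
        path = os.path.join(self.shared_dir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        return path

    def load_for_display(self, name):
        # Step 3: read once and hash the very bytes that will be rendered,
        # so no second gap opens between the check and the use.
        with open(os.path.join(self.shared_dir, name), "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != self._digests.get(name):
            raise ValueError(f"{name}: on-disk content differs from what was received")
        return data


def demo():
    """Constructed scenario: one untouched file, one changed after the write."""
    with tempfile.TemporaryDirectory() as shared:
        store = MediaStore(shared)
        store.receive("photo.jpg", b"constructed image bytes")
        invoice = store.receive("invoice.pdf", b"constructed invoice, account A")
        with open(invoice, "wb") as fh:  # stands in for another app rewriting it
            fh.write(b"constructed invoice, account B")
        results = {}
        for name in ("photo.jpg", "invoice.pdf"):
            try:
                store.load_for_display(name)
                results[name] = "ok"
            except ValueError:
                results[name] = "tampered"
        return results


if __name__ == "__main__":
    print(demo())
```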

If the security flaw is correctly exploited, a malicious remote attacker can potentially misuse the sensitive information contained within the media. However, what is even more concerning is the attacker could also manipulate the information. Security researchers indicate hackers could access and tamper with media like personal photos and videos, corporate documents, invoices, and voice memos. This scenario is exponentially dangerous owing to the trust that has been established between the two users interacting on WhatsApp and Telegram. In other words, attackers could easily take advantage of the relations of trust between a sender and a receiver when using these apps. These social parameters could be easily exploited for personal gain, vendetta or to merely wreak havoc.

How Can WhatsApp and Telegram Users Protect Themselves From The New Security ‘Media File Jacking’ Exploit?

Symantec has mentioned some scenarios in which the ‘Media File Jacking’ exploit can be used, reported Venture Beat.

  • Image manipulation: A seemingly innocent, but actually malicious, app downloaded by a user can manipulate personal photos in near-real time and without the victim knowing.
  • Payment manipulation: A malicious actor could manipulate an invoice sent by a vendor to a customer, to trick the customer into making a payment to an illegitimate account.
  • Audio message spoofing: Using voice reconstruction via deep learning technology, an attacker could alter an audio message for their own personal gain or wreak havoc.
  • Fake news: In Telegram, admins use the concept of “channels” to broadcast messages to an unlimited number of subscribers who consume the published content. An attacker could change the media files that appear in a trusted channel feed in real-time to communicate falsities.

The cyber-security company has indicated that WhatsApp and Telegram users can mitigate the risk posed by Media File Jacking by disabling the feature that saves media files to external storage. In other words, users must not grant permission to these apps to save the downloaded media on removable micro SD cards. The apps should be restricted to saving data on the internal memory of the devices on which these instant messaging apps are installed. Symantec’s researchers Yair Amit and Alon Gat, who are part of Symantec’s Modern OS Security team, have written a paper on the same, and they mention some other techniques hackers are using. They have also mentioned some additional techniques for data protection for WhatsApp and Telegram users.

Symantec Mobile Threat: Attackers Can Manipulate Your WhatsApp and Telegram Media Files https://t.co/tgESrb20nG pic.twitter.com/f2JvvCfvXt

— Joerg (@joerg_jhs) July 15, 2019

Symantec Alerts WhatsApp and Telegram Team About The New Security Exploit That Exposes Users’ Media To Hackers:

Symantec credited its malware detection engines with detecting apps that exploit the described vulnerability. It indicated that it was this platform that first caught some suspicious activity regarding media management on WhatsApp and Telegram. Incidentally, Symantec’s malware detection engines power Symantec Endpoint Protection Mobile (SEP Mobile) and Norton Mobile Security.

The cyber-security company confirmed that it has already alerted Telegram and Facebook/WhatsApp about the Media File Jacking vulnerability. Hence it is quite likely that the respective companies could quickly deploy patches or updates to protect their users from this new exploit. However, for the time being, users are recommended to restrict the apps from storing received media on the external storage of their smartphones.

Facebook-owned WhatsApp and Telegram are by far two of the most popular instant messaging platforms today. Collectively, the two platforms command a highly impressive and staggering user base of 1.5 billion users. The majority of WhatsApp and Telegram users trust their apps to protect the integrity of both the identity of the sender and the message content itself. These platforms switched long ago to end-to-end encryption, which promises that no middleman can figure out the information being exchanged.