Security researchers from Symantec's Modern OS Security team found a vulnerability that can allow hackers and cybercriminals to manipulate files sent from one user to another on WhatsApp and Telegram.
Both WhatsApp and Telegram, along with other instant messaging platforms, have end-to-end encryption, which makes messages safe to send and receive. End-to-end encryption allows only the sender and the receiver to read the contents of the images, and even the company has no human-readable copies of the messages sent.
However, according to the research, the vulnerability, dubbed “Media File Jacking”, can bypass the end-to-end encryption in these apps. It works on Android by default for WhatsApp, and on Telegram if certain features are enabled.
In a demonstration video, Symantec showed that through the vulnerability, they were able to change the faces in a photo to look like Nicolas Cage. As hilarious and amazing as that is, there is more to fear than a real-life version of his movie.
Let’s say someone sent you a receipt or an invoice. A hacker could alter the information about the account, routing number, or the amount! Suddenly, rather than reimbursing someone for last night’s dinner, you just got duped into sending a stranger $50.
The exploitation of the vulnerability may also come in the form of audio spoofing, where an attacker exploits the relations of trust between employees in an organization, as the attacker can also program the new, manipulated file to mimic the voice of another person.
What’s being done about this?
There is one big thing you can do to protect yourself when using WhatsApp and Telegram: become invisible. Symantec is encouraging users to disable the feature that saves media files to external storage in order to mitigate possible attacks using the exposed vulnerability.
So you need to remove your gallery’s visibility. In WhatsApp, turn off “Media Visibility” in the settings menu. In Telegram, toggle off “Save to Gallery” from the settings as well.