TechInAfrica – WhatsApp and Telegram are instant messaging apps most used in the world. They enable people around the world to text chat, video chat, and share files over their networks conveniently and easily. However, Symantec’s report on these networks reveals worrying findings.
According to the report, ‘Media file jacking’ flaw has affected the WhatsApp and Telegram instant apps for Android. In other words, files shared via these apps are at risk of being exposed and manipulated by ‘malicious actors’ if particular features are enabled.
“It stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume. This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge,” said Symantec explaining how it works.
This vulnerability leads hackers to misuse and exploit files such as personal photos, videos, documents, invoices, and voice memos shared on the platforms. The impact of the vulnerability is that hackers can manipulate the image, payment, audio messages, and spread fake news. Thus, this can lead to misunderstanding and chaos between people who communicate via the apps.
Symantec explains that WhatsApp and Telegram can protect the threats by validating the integrity of files, storing media in non-public directories and encrypting sensitive files. The good news is that Google is planning to change how to access files with Android Q. It will implement a more restrictive way to access files on our mobile phone and be able to mitigate threats that exploit the WhatsApp or Telegram flaw.