Home Articles How Hackers Compromised Media files on WhatsApp And Telegram

How Hackers Compromised Media files on WhatsApp And Telegram


According to a recent report, hackers can compromise media files on WhatsApp and Telegram. Read on to know more about it…

If you thought your messages and files in WhatsApp and Telegram are safe due to encryption, then you are wrong. Researchers at Symantec have revealed that files saved through WhatsApp and Telegram apps are still vulnerable to attacks. Symantec published a report in which it details vulnerabilities present in both apps on Android that could potentially allow malicious actors to hijack shared media files and replace them before recipients realize what’s going on. Apps such as WhatsApp and Telegram either use the phone’s storage or external storage when you want to save your files, and malware with external storage access could be used to exploit this data.

The Attack
The attack is called ‘Media File Jacking’ and all that a hacker needs to gain access to files or alter them is a malicious app. Theoretically, one can also alter an outgoing multimedia message without the user’s notice. To prevent this from happening would mean users will have to limit their accessibility to the apps.

According to Symantec’s report, this “Media File Jacking” is possible because of the way both WhatsApp and Telegram store media files that are shared through the app. Android apps ultimately have two options when it comes to storing files and data: they can store them internally or externally. If an Android app is storing files internally, then those files are only accessible by the app itself, not by other apps. Conversely, files stores externally can be accessed by other apps or users.

Symantec reported that many Android apps store data externally through the Write-to-External permission, finding that “nearly 50% of a given device’s apps have this permission.” Both WhatsApp and Telegram store media files shared through the apps externally, and Symantec has discovered that in the period of time between when a shared file is written to the device and when it’s loaded for end-users in the apps themselves, malware has a window of opportunity to replace those files with malicious files of its own.

Beyond all of that, Symantec also says that the attack can be launched from either the sender or the recipient’s device, so even if you’re sure you don’t have any malicious apps installed on your device, that doesn’t guarantee protection from this exploit. Symantec goes on to detail the number of ways this can be used, from image manipulation to more serious attacks like payment manipulation and audio message spoofing.

The Symantec blog post goes on to give some examples of how app developers can try and prevent a hack such as this from affecting their apps. Symantec suggests that app developers employ techniques such as verifying file integrity with hashes and checksums, storing media files in internal memory to prevent other apps and malicious actors from accessing them, and encrypting media files.  App developers can protect against malicious attacks that take advantage of the fact that media is often stored in public directories, whether that’s validating the integrity of files before they are loaded by the app or simply using internal storage for media files.

The blog also gives some tips for end-users to try and mitigate these hacks from affecting them. For WhatsApp users, Symantec recommends to go to Settings -> Chats -> Media Visibility and turning the toggle off. In Telegram, the process is mostly the same, as you’ll go into Settings, then Chat Settings, and turn off “Save to Gallery.”


Please enter your comment!
Please enter your name here

− 1 = 5