DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Archive

How Hackers Compromised Media files on WhatsApp And Telegram

DigitalCIO Bureau by DigitalCIO Bureau
July 16, 2019
in Archive
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

According to a recent report, hackers can compromise media files on WhatsApp and Telegram. Read on to know more about it…

If you thought your messages and files in WhatsApp and Telegram are safe due to encryption, then you are wrong. Researchers at Symantec have revealed that files saved through WhatsApp and Telegram apps are still vulnerable to attacks. Symantec published a report in which it details vulnerabilities present in both apps on Android that could potentially allow malicious actors to hijack shared media files and replace them before recipients realize what’s going on. Apps such as WhatsApp and Telegram either use the phone’s storage or external storage when you want to save your files, and malware with external storage access could be used to exploit this data.

The Attack
The attack is called ‘Media File Jacking’ and all that a hacker needs to gain access to files or alter them is a malicious app. Theoretically, one can also alter an outgoing multimedia message without the user’s notice. To prevent this from happening would mean users will have to limit their accessibility to the apps.

According to Symantec’s report, this “Media File Jacking” is possible because of the way both WhatsApp and Telegram store media files that are shared through the app. Android apps ultimately have two options when it comes to storing files and data: they can store them internally or externally. If an Android app is storing files internally, then those files are only accessible by the app itself, not by other apps. Conversely, files stores externally can be accessed by other apps or users.

Symantec reported that many Android apps store data externally through the Write-to-External permission, finding that “nearly 50% of a given device’s apps have this permission.” Both WhatsApp and Telegram store media files shared through the apps externally, and Symantec has discovered that in the period of time between when a shared file is written to the device and when it’s loaded for end-users in the apps themselves, malware has a window of opportunity to replace those files with malicious files of its own.

Beyond all of that, Symantec also says that the attack can be launched from either the sender or the recipient’s device, so even if you’re sure you don’t have any malicious apps installed on your device, that doesn’t guarantee protection from this exploit. Symantec goes on to detail the number of ways this can be used, from image manipulation to more serious attacks like payment manipulation and audio message spoofing.

Mitigation
The Symantec blog post goes on to give some examples of how app developers can try and prevent a hack such as this from affecting their apps. Symantec suggests that app developers employ techniques such as verifying file integrity with hashes and checksums, storing media files in internal memory to prevent other apps and malicious actors from accessing them, and encrypting media files.  App developers can protect against malicious attacks that take advantage of the fact that media is often stored in public directories, whether that’s validating the integrity of files before they are loaded by the app or simply using internal storage for media files.

The blog also gives some tips for end-users to try and mitigate these hacks from affecting them. For WhatsApp users, Symantec recommends to go to Settings -> Chats -> Media Visibility and turning the toggle off. In Telegram, the process is mostly the same, as you’ll go into Settings, then Chat Settings, and turn off “Save to Gallery.”

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

SE Labs Award Validates NetApp’s Status as the World’s Most Secure Storage

by DigitalCIO Bureau
July 8, 2025
0

NetApp has announced that it was recognized as a standout performer in cybersecurity in the SE LABS  Awards 2025. NetApp won the 2025 SE Labs Award for Enterprise...

Read moreDetails

India’s Digital Identity Surge Comes with Rising Concerns Around AI and Trust: Okta Report

by DigitalCIO Bureau
July 3, 2025
0
The Evolving Role of AI in Data Protection

Indian consumers continue to rapidly adopt digital technologies while navigating unique challenges in trust and security, reveals the 2025 Customer Identity Trends Report from Okta, The World’s Identity...

Read moreDetails

Pax8 Introduces Era of Managed Intelligence

by DigitalCIO Bureau
June 19, 2025
0
Pax8 Introduces Era of Managed Intelligence

Pax8 has released its inaugural research report, The Agentic Inflection Point: And the Rise of the Managed Intelligence Provider. The comprehensive study defines the future of small-to-midsized business (SMB) operations, transformed...

Read moreDetails

Barracuda Unveils AI-Powered Cybersecurity Platform BarracudaONE in India

by DigitalCIO Bureau
June 3, 2025
0

Barracuda Networks has unveiled the BarracudaONE AI-powered cybersecurity platform. BarracudaONE maximizes threat protection and cyber resilience by unifying layered security defenses and providing deep, intelligent threat detection and response for...

Read moreDetails

Check Point Acquires Veriti To Minimize Digital Vulnerabilities

by DigitalCIO Bureau
May 28, 2025
0
Check Point Acquires Veriti To Minimize Digital Vulnerabilities

Check Point Software Technologies has announced a definitive agreement to acquire Veriti Cybersecurity, the first fully automated, multi-vendor pre-emptive threat exposure and mitigation platform. “The acquisition of Veriti...

Read moreDetails
Next Post

Eightfold Inaugurates 'Eightfold Nalanda' in India to Accelerate Global Expansion

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

VTEX Partners with Vinculum to Elevate Customer Experience in India

Microsoft Partners With Brookfield To Deliver 10.5 GW of New Renewable Power Capacity

May 2, 2024

Capgemini Invent launches Smart Mobility Connect

October 23, 2018
Qlik  Launches Qlik Open Lakehouse

Qlik Launches Qlik Open Lakehouse

May 15, 2025

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Barracuda Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud HCLTech Honeywell IBM Infographics Internet of Things (IoT) Kaspersky Microsoft Netskope NTT DATA Palo Alto Networks Panel Discussion Qlik Salesforce ServiceNow Sophos Tenable Trend Micro Veeam Veeam Software Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?