WhatsApp and Telegram have become the two most popular instant online messaging these days. With their easy-to-share photos, documents, contacts, and location, along with their end-to-end encryption, WhatsApp and Telegram have become successful in holding their popularity among its users. Over time the belief among its users regarding their privacy policy has only increased. However, Symantec recently conducted research which showed that apps like WhatsApp and Telegram and the media files saved on smartphones would easily fall prey to malicious programs for them to modify even before users get to see the originals. The study also explained the reason for this.
According to the study, WhatsApp saves media files in public folders inside the phone storage. What this means os that malicious apps can easily access these files and modify them. The company published a blog post regarding this matter and showed how this attack might be carried out. They have also made public videos which show the various ways this can be exploited to manipulate media files saved in phone memory, using Man-in-the-Disk attacks.
Symantec clarified that WhatsApp for Android is vulnerable to this attack. However, for Telegram, the attack can only occur if the users enable the app’s ‘Save to Gallery’ feature. However, they have not mentioned if the same applies to the WhatsApp media as well.
The company has mentioned that in cases of image manipulation, payment manipulation, audio message spoofing, and fake news this hack might be employed. Symantec suggests how app developers can prevent the hack. The app developers employe techniques such as verifying file integrity with hashes and checksums, storing media files in internal memory to prevent the hack. WhatsApp users can turn the toggle off in the Media Visibility setting. For Telegram, users can go to the Chat Settings, from there to Save to Gallery and turning the toggle off.
