According to the study, WhatsApp saves media files in public folders inside the phone storage. This means that malicious apps can easily access these files and modify them. The company published a blog post on the matter showing how this attack might be carried out. It has also published videos showing the various ways this can be exploited to manipulate media files saved in phone memory, using Man-in-the-Disk attacks.
Symantec clarified that WhatsApp for Android is vulnerable to this attack. For Telegram, however, the attack can only occur if users enable the ‘Save to Gallery’ feature in the app. They have not mentioned whether the same applies to WhatsApp media as well.
The company has mentioned that this hack might be employed for image manipulation, payment manipulation, audio message spoofing, and fake news. Symantec also suggests how app developers can prevent the hack: by employing techniques such as verifying file integrity with hashes and checksums, and storing media files in internal memory. WhatsApp users can turn the toggle off in the Media Visibility setting. For Telegram, users can go to Chat Settings, then to Save to Gallery, and turn the toggle off.
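
As an added illustration of the hash-verification approach mentioned above (not code from Symantec, WhatsApp or Telegram), the following Python example records a SHA-256 digest in app-private storage when a media file is written to a shared folder, and re-checks it before the file is used. The class name, file names and contents are hypothetical, and temporary directories stand in for Android's internal and external storage.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


class MediaIntegrityStore:
    """Writes media to a shared folder and keeps SHA-256 digests in a private one."""

    def __init__(self, public_dir, private_dir):
        self.public_dir = Path(public_dir)  # stands in for shared external storage
        self.manifest = Path(private_dir) / "media_manifest.json"  # app-private

    def _load(self):
        return json.loads(self.manifest.read_text()) if self.manifest.exists() else {}

    def save_media(self, name, data):
        """Write the received file and record its digest at write time."""
        (self.public_dir / name).write_bytes(data)
        entries = self._load()
        entries[name] = hashlib.sha256(data).hexdigest()
        self.manifest.write_text(json.dumps(entries))

    def verify(self, name):
        """Return True only if the file on disk still matches the recorded digest."""
        expected = self._load().get(name)
        path = self.public_dir / name
        if expected is None or not path.is_file():
            return False  # unknown or missing files are treated as untrusted
        actual = hashlib.sha256(path.read_bytes()).hexdigest()
        return hmac.compare_digest(actual, expected)


def demo():
    """Constructed scenario: the shared file is rewritten after it was saved."""
    with tempfile.TemporaryDirectory() as pub, tempfile.TemporaryDirectory() as priv:
        store = MediaIntegrityStore(pub, priv)
        store.save_media("invoice.jpg", b"constructed image bytes: pay account A")
        before = store.verify("invoice.jpg")
        # Simulated modification of the file in the shared folder
        (Path(pub) / "invoice.jpg").write_bytes(b"constructed image bytes: pay account B")
        after = store.verify("invoice.jpg")
        unknown = store.verify("never_saved.jpg")
        return before, after, unknown


if __name__ == "__main__":
    print(demo())
```

The check only helps if the digest manifest lives where other apps cannot write, which is why it is kept apart from the media folder here.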