contador web Saltar al contenido

WhatsApp and Telegram Failure Give Media Access to Attackers

We commonly report faults and vulnerabilities that affect users of the Whatsapp or from Telegram, separately. This time, however, a serious error discovered by Symantec online security company could affect users of both platforms and the serious problem.

According to the firm, the vulnerability dubbed ?Media File Jacking? (something like ?Media File Theft?) can allow WhatsApp and Telegram media files (such as images, audio, and documents) are exposed and manipulated by crackers.

Thus, the breach not only allows attackers to access these messages, but also changes them even before the recipient views a particular file or message, including audio. Thus, it could happen that a particular voice message from a friend or relative of yours has actually been modified (from voice reconstruction software) based on another previously sent content, as seen in the video below.

This, of course, does not happen ?out of the blue?. In order to gain access to a device's content, a cracker needs the user to download a malicious app that contains the code to ?break? the security barriers of these messengers and create a copy of their account from another device. done remotely.

Other possibilities "allowed" by the flaw include: image manipulation (allowing the cracker to edit a photo sent from one user to another in real time); change of bank details in documents (an attacker could change an invoice sent by a vendor, for example by having the customer make the payment to an illegitimate account); and, of course, spreading fake news (causing the malicious agent to alter files on a ?trusted? channel or group to share fake news).

It is noteworthy that the vulnerability does not allow account hijacking, such as cases that have occurred in recent months, but gives attackers the chance to basically cheat any message sent between two users. That way, you would still have access to your account, but only see that your messages are handled after sending them, according to Symantec.

Before making the vulnerability public, the firm contacted Facebook (owner of WhatsApp) and Telegram to inform them of the vulnerability. For now, Telegram has not responded to comments about the failure.

Meanwhile, a WhatsApp spokesman said changing the app's privacy settings could limit access to media files (ie they know of the flaw), including disabling the option to save images sent or received by the service on internal device storage (on iOS: WhatsApp Settings Conversations Save to Camera Roll).

Telegram Imposer for Android

Symantec also found that a Telegram impostor app was being distributed on Google Play for Android devices. Called MobonoGram 2019 (but detected as Android.Fakeyouwon), the application claimed to have the same functions as the original messenger, but ran a number of malicious codes in the background and sent sensitive information from these devices to an external server.

By the time of its removal, it had been downloaded by some 100,000 users in various regions of the planet including Russia, where the official Telegram app is banned.

via VentureBeat