An alleged vulnerability in WhatsApp and Telegram for Android could expose media files sent and received by messengers. According to researchers at Symantec's digital security company, a malicious app allows a hacker to view and manipulate content without the user noticing it.
The failure, called "Media File Jacking"(hijacking media files) would take advantage of a breach in end-to-end encryption offered by services to modify files, leaving the user with the new version. This could expose photos, videos, audio and personal documents, opening up opportunity for fake messages and scams.
Malware swaps apps for fake versions and affects 25 million phones
WhatsApp and Telegram: Media received by app is not so safe Photo: Anna Kellen Bull / TechTudo
Want to buy a cell phone, TV and other discounted products? Meet the Compare TechTudo
On Android devices, media received on WhatsApp and Telegram can be saved in two places: within the app itself and in the phone gallery. Files in the second situation may be vulnerable to error. According to the researchers, just as the application is downloading media, its encryption does not fully protect it. This allows malware to access the file and be able to change it, leaving the user with the modified version.
Failure by default affects all WhatsApp users for Android. This is because the messenger automatically saves media to device storage. In the case of Telegram, this setting is optional, but activating it may leave the device vulnerable.
One of the scam possibilities, according to the Symantec revelation, is that the hacker manipulates a voice message to solicit money from an unlawful account owned by the attacker. It would also be possible to change an important document or even a bank slip without the user suspecting the change.
Telegram: Media received by the app is not so safe Foto: Helito Beggiora / TechTudo
It is possible to take some action to protect yourself from the security breach. Adjustments to the security options of both applications can prevent data exposure. In WhatsApp, go to Settings> Conversations. Uncheck the "Media Visibility" option. In Telegram, click Settings> Chat Settings. Disable the "Save to Gallery" option. Remember that the breach only affects users who have their device hacked by malware. Therefore it is important to have an antivirus installed on your phone.
What WhatsApp and Telegram Say
According to the WhatsApp spokesman, the company looked closely at the issue and noted similarities to previous issues involving the impact of mobile storage on the application ecosystem. "WhatsApp follows current best practices provided by operating systems for media storage and seeks to provide updates as Android continues to develop. The changes suggested here may create privacy complications for our users and limit the way photos and files may be shared.
O TechTudo contacted Telegram, but got no response until this issue was published.
How to block conversations in WhatsApp Web