Media File Jacking: WhatsApp and Telegram state that all its messages are end-to-end encrypted. But have you ever thought about the media files that you receive from those two social media platforms separately if they are end-to-end encrypted or cannot be tampered with? Well, it’s high time you should think about it. The security researchers at Symantec recently has demonstrated multiple interesting attack scenarios against the most famous and as well as widely used social media platforms, Telegram and WhatsApp, which could permit malicious actors to spread fake news or scam users into sending payments to wrong accounts.
Image Source: https://www.timesnownews.com
Dubbed in as the “Media File Jacking“, the attack leverages an already known fact, which is any app installed on a device can access and rewrite files saved in the external storage, including all the files saved by other apps installed on the same device. WhatsApp and Telegram permit the users to choose whether they want to choose whether they want to save all the incoming multimedia files on the internal or external storage of their device. Nevertheless, WhatsApp for Android by default automatically stores media files in the external storage, while Telegram for Android, on the other hand, uses internal storage to store users files that are not accessible to any other app. it has also been recorded that many users of Telegram manually change this setting to external storage, using “Save to Gallery” option in the settings, when they want to re-share received media files with their friends using other communication apps like Gmail, Facebook Messenger or WhatsApp. It should also be noted that the attack is not only limited to WhatsApp and Telegram but at the same time affects the functionality and privacy of many other Android apps as well.
Similar to the man-in-the-disk attacks, a malicious app installed on a recipient’s device can intercept and manipulate media files, such as private photos, documents, or videos, sent between users through the device’s external storage without the recipients’ knowledge and in real-time. The researchers have illustrated and demonstrated four attack scenarios, as explained below, wherein a malware app can instantaneously analyze and manipulate incoming files that leads to:
Image Manipulation – In this type of attack scenario, an innocent-looking yet malicious app downloaded by a user can run in the background in order to perform a Media File Jacking attack while the victim uses WhatsApp and “manipulate personal photos in near-real-time and without the victim knowing.”
Payment Manipulation – In this type of attack scenario, which researchers call as “one of the most damaging Media File Jacking attacks”, a malicious file can manipulate an invoice sent by a vendor to customers to trick them into making a payment to an account that is controlled by the attacker.
Audio Message Spoofing – In this type of attack scenario, the attackers can exploit the relations of trust between employees in an organization. They can use voice reconstruction through deep learning technology to alter an original audio message for their personal gain or to wreak havoc.
Contamination of Fake News – In this type of attack scenario, especially in Telegram, the admins utilizes the concept of “channels” in order to broadcast messages to an unlimited number of subscribers who consume the published content. Taking the help of Media File Jacking attacks, an attacker can change the media files that appear in a trusted channel feed in real-time to spread fake news.
Symantec has already notified Telegram and Facebook/WhatsApp about the Media File Jacking attacks, but it believes that the issue will be addressed by Google with its upcoming Android Q update. Android Q update includes a new privacy feature called Scoped Storage that changes the way apps access files on a device’s external storage. Scoped Storage is a brand new concept that gives each app an isolated storage sandbox into the device external storage where no other app can directly access data saved by other apps on your device. Until then, the users can mitigate the risk of such attacks by disabling the feature responsible for saving media files to the device’s external storage. To do as stated, Android users can head on to:
WhatsApp: Settings → Chats → Turn the toggle off for ‘Media Visibility’
Telegram: Settings → Chat Settings → Disable the toggle for ‘Save to Gallery’
Source: The Hacker News
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.