Instant messaging apps like WhatsApp and Telegram have quickly become the de facto standard for online communication, and with the implementation of features such as end-to-end encryption, the conviction that these messaging apps are completely safe, even for confidential and personal messaging, has only strengthened over time.
However, according to research by Symantec, WhatsApp and Telegram media files saved on smartphones are incredibly easy for malicious programs to modify, even before users get to see the originals. The company says this is possible because apps like WhatsApp save media files in public folders inside the phone storage, which means that malicious apps can easily access these files and modify them.
The company has published a blog post specifying exactly how this hack might be carried out, along with videos showing the various ways this might be exploited to manipulate media files saved in phone memory, using Man-in-the-Disk attacks.
According to Symantec, WhatsApp for Android is inherently susceptible to this attack, while Telegram is only susceptible if users enable the ‘Save to Gallery’ feature in the app. The company also mentions some use-cases where this hack might be employed:
- Image manipulation
- Payment manipulation
- Audio message spoofing
- Fake news
The blog post goes on to give some examples of how app developers can try to prevent a hack such as this from affecting their apps. Symantec suggests that app developers employ techniques such as verifying file integrity with hashes and checksums, storing media files in internal memory to prevent other apps and malicious actors from accessing them, and encrypting media files.
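The hash-check mitigation above, sketched as an added example (not code from Symantec's post or from either app): the digest is taken from the bytes as received and kept in app-private storage, then rechecked before the file in shared storage is used. Python stands in for app code here; the class, the two directories, the manifest file name and the sample bytes are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

class MediaStore:
    """Writes media to shared storage; keeps each SHA-256 in a private manifest."""

    def __init__(self, shared_dir: Path, private_dir: Path):
        self.shared_dir = shared_dir                        # readable/writable by other apps
        self.manifest = private_dir / "media_hashes.json"   # hypothetical name, app-private

    def _load(self) -> dict:
        return json.loads(self.manifest.read_text()) if self.manifest.exists() else {}

    @staticmethod
    def _digest(path: Path) -> str:
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):  # stream large media files
                h.update(chunk)
        return h.hexdigest()

    def save(self, name: str, data: bytes) -> Path:
        """Hash the bytes as received (never as re-read from disk), then write."""
        entries = self._load()
        entries[name] = hashlib.sha256(data).hexdigest()
        self.manifest.write_text(json.dumps(entries))
        path = self.shared_dir / name
        path.write_bytes(data)
        return path

    def verify(self, name: str) -> bool:
        """True only if the file is known, present, and matches its recorded hash."""
        expected = self._load().get(name)
        path = self.shared_dir / name
        if expected is None or not path.is_file():
            return False
        return expected == self._digest(path)

def demo() -> tuple:
    """Constructed scenario: one file untouched, one changed after it was saved."""
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        store = MediaStore(Path(shared), Path(private))
        store.save("photo.jpg", b"original image bytes")        # constructed sample
        invoice = store.save("invoice.pdf", b"pay account A")   # constructed sample
        invoice.write_bytes(b"pay account B")  # simulates a change made by another process
        return (store.verify("photo.jpg"), store.verify("invoice.pdf"),
                store.verify("unknown.ogg"))
```

The check only helps if the manifest sits where other apps cannot write; a hash stored beside the media in the public folder could be replaced along with the file.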
The blog also gives end users some tips to keep these hacks from affecting them. For WhatsApp users, the company recommends heading over to Settings -> Chats -> Media Visibility and turning the toggle off.
Telegram users can simply head over to Settings -> Chat Settings -> Save to Gallery and turn the toggle off.