Media File Jacking Attacks Possible in Telegram and WhatsApp

Media File Jacking Attacks Possible in Telegram and WhatsApp

1 Star2 Stars3 Stars4 Stars5 Stars (1 stemmer, gennemsnit: 5.00 ud af 5)
Loading ...

Have you heard of media file jacking attacks? This is the type of attack where malicious actors become capable of manipulating media files. Desværre, the media file jacking attack is not hypothetical.

Symantec’s Modern OS Security team just reported that WhatsApp and Telegram are both vulnerable to this attack. WhatsApp for Android, især, is vulnerable by default, where Telegram for Android is when specific features are enabled.

Where Does the File Jacking Vulnerability Stem From?

"It stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume", forskerne forklarede i deres rapport.

The critical time lapse opens a gate for attackers to intercept and manipulate media files. Selvfølgelig, this is done without the knowledge or permission of the Android device’s owner. I tilfælde af en vellykket udnytte, sensitive information could be abused or altered, including personal photos and videos, vigtige dokumenter, fakturaer, voice memos. Endvidere, threat actors could also exploit the relations between a sender and a receiver in a communication to their personal gain.

The main concern with this vulnerability, dog, lies elsewhere:

The Media File Jacking threat is especially concerning in light of the common perception that the new generation of IM apps is immune to content manipulation and privacy risks, thanks to the utilization of security mechanisms such as end-to-end encryption.

Relaterede: CVE-2019-3568 i WhatsApp Exploited Brug Pegasus Spyware

Media File Jacking Attack: the Consequences

The attack is similar to the so-called man-in-the-disk attack. kort sat, a malicious app installed on a recipient’s device can be used to hijack private media files which are sent via the device’s external storage.
Dybest set, there are four attack scenarios stemming from the media file jacking vulnerability.

1. Image manipulation, where “a seemingly innocent, but actually malicious, app downloaded by a user can manipulate personal photos in near-real time and without the victim knowing."
2. Payment manipulation, where “a malicious actor can manipulate an invoice sent by a vendor to a customer, to trick the customer into making a payment to an illegitimate account."
3. Audio message spoofing, where “an attacker exploits the relations of trust between employees in an organization."
4. Fake news spread via Telegram: "In Telegram, admins use the concept of “channels” to broadcast messages to an unlimited number of subscribers who consume the published content. An attacker can change the media files that appear in the channel feed in real time."

The Symantec security team has notified both Telegram and Facebook about the media file jacking vulnerability. It is highly likely that Google will address the problem with the release of Android Q. Further details about addressing the issue are available in rapporten.

Relaterede: WhatsApp Sårbarhed giver hackere at manipulere meddelelser

It is noteworthy that in August 2018, a particular vulnerability in WhatsApp could allow malicious users to infiltrate group chats and manipulate the messages of individual users. The hackers could take advantage of the malicious method and abuse it to intercept and change contents of messages sent in private conversations or large group chats.


Milena Dimitrova

En inspireret forfatter og indhold leder, der har været med SensorsTechForum for 4 år. Nyder ’Mr. Robot’og frygt’1984’. Fokuseret på brugernes privatliv og malware udvikling, hun tror stærkt på en verden, hvor cybersikkerhed spiller en central rolle. Hvis almindelig sund fornuft giver ingen mening, hun vil være der til at tage noter. Disse noter senere kan blive til artikler!

Flere indlæg

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...