Media File Jacking Attacks Possible in Telegram and WhatsApp
CYBER NEWS

Media File Jacking Attacks Possible in Telegram and WhatsApp

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

Have you heard of media file jacking attacks? This is the type of attack where malicious actors become capable of manipulating media files. Unfortunately, the media file jacking attack is not hypothetical.

Symantec’s Modern OS Security team just reported that WhatsApp and Telegram are both vulnerable to this attack. WhatsApp for Android, in particular, is vulnerable by default, where Telegram for Android is when specific features are enabled.




Where Does the File Jacking Vulnerability Stem From?

It stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume”, the researchers explained in their report.

The critical time lapse opens a gate for attackers to intercept and manipulate media files. Of course, this is done without the knowledge or permission of the Android device’s owner. In case of a successful exploit, sensitive information could be abused or altered, including personal photos and videos, important documents, invoices, voice memos. Furthermore, threat actors could also exploit the relations between a sender and a receiver in a communication to their personal gain.

The main concern with this vulnerability, however, lies elsewhere:

The Media File Jacking threat is especially concerning in light of the common perception that the new generation of IM apps is immune to content manipulation and privacy risks, thanks to the utilization of security mechanisms such as end-to-end encryption.

Related: CVE-2019-3568 in WhatsApp Exploited Using Pegasus Spyware

Media File Jacking Attack: the Consequences

The attack is similar to the so-called man-in-the-disk attack. Shortly put, a malicious app installed on a recipient’s device can be used to hijack private media files which are sent via the device’s external storage.
Basically, there are four attack scenarios stemming from the media file jacking vulnerability.

1. Image manipulation, where “a seemingly innocent, but actually malicious, app downloaded by a user can manipulate personal photos in near-real time and without the victim knowing.”
2. Payment manipulation, where “a malicious actor can manipulate an invoice sent by a vendor to a customer, to trick the customer into making a payment to an illegitimate account.”
3. Audio message spoofing, where “an attacker exploits the relations of trust between employees in an organization.”
4. Fake news spread via Telegram: “In Telegram, admins use the concept of “channels” to broadcast messages to an unlimited number of subscribers who consume the published content. An attacker can change the media files that appear in the channel feed in real time.”

The Symantec security team has notified both Telegram and Facebook about the media file jacking vulnerability. It is highly likely that Google will address the problem with the release of Android Q. Further details about addressing the issue are available in the report.

Related: WhatsApp Vulnerability Allows Hackers to Manipulate Messages

It is noteworthy that in August 2018, a particular vulnerability in WhatsApp could allow malicious users to infiltrate group chats and manipulate the messages of individual users. The hackers could take advantage of the malicious method and abuse it to intercept and change contents of messages sent in private conversations or large group chats.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...