Security researchers at Symantec demonstrated multiple attack scenarios against WhatsApp and Telegram that could allow a malicious user to spread fake news or scam users into sending payments to the wrong accounts.
Dubbed “Media File Jacking,” the attack leverages an already known fact that any app installed on a device can access and rewrite files saved in the external storage, including files saved by other apps installed on the same device.
It should be noted that the attack is not just limited to WhatsApp and Telegram, and affects the functionality and privacy of many other Android apps as well.
“Media File Jacking” Attack
Like other man-in-the-disk attacks, it relies on a malicious app installed on the recipient’s device, which can intercept and manipulate media files, such as private photos, documents, or videos, that the messaging app writes to and reads back from the device’s external storage.
“Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or wreaking havoc.”
How to Prevent this Attack?
Symantec already notified Telegram and Facebook/WhatsApp about the Media File Jacking attacks, but it believes the issue will be addressed by Google with its upcoming Android Q update.
Until then, users can mitigate the risk of such attacks by disabling the feature that saves received media files to the device’s external storage. To do so, Android users can go to:
- WhatsApp: Settings → Chats → Turn the toggle off for ‘Media Visibility’
- Telegram: Settings → Chat Settings → Disable the toggle for ‘Save to Gallery’
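The user-side toggles above only work because each app stops writing received media to shared external storage. As an added illustration of the same defence from the developer’s side (not code from Symantec, WhatsApp or Telegram), the following Android snippet assumes a hypothetical messaging client that receives each media file together with its SHA-256 digest over the encrypted channel; it stores the file in app-private internal storage, which other apps cannot rewrite, and re-checks the digest before the file is displayed.

```java
import android.content.Context;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Hypothetical helper for a messaging client: keeps received media out of shared storage. */
public final class PrivateMediaStore {

    private final File dir;

    public PrivateMediaStore(Context context) {
        // getFilesDir() belongs to this app's own UID; unlike /sdcard-style external
        // storage, other apps cannot read or overwrite files placed here.
        this.dir = new File(context.getFilesDir(), "received_media");
        if (!dir.isDirectory() && !dir.mkdirs()) {
            throw new IllegalStateException("cannot create " + dir);
        }
    }

    /** Stores bytes received over the encrypted channel and returns the local file. */
    public File save(String name, byte[] bytes) throws IOException {
        File out = new File(dir, new File(name).getName()); // drop any path components
        try (FileOutputStream fos = new FileOutputStream(out)) {
            fos.write(bytes);
        }
        return out;
    }

    /**
     * Re-hashes the file on disk and compares it with the digest that arrived with the
     * message. Call this every time before rendering the file or handing it to another app,
     * so a file swapped on disk is rejected instead of shown as if it came from the sender.
     */
    public static boolean verify(File file, byte[] expectedSha256) throws IOException {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] buf = new byte[8192];
            try (FileInputStream fis = new FileInputStream(file)) {
                int n;
                while ((n = fis.read(buf)) > 0) {
                    md.update(buf, 0, n);
                }
            }
            return MessageDigest.isEqual(md.digest(), expectedSha256); // constant-time compare
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```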