While they’re known for strongly encrypting messages in transit, apps like WhatsApp and Telegram may not always be able to keep files safe after they’re on your phone. Researchers from Symantec explain how hackers could use a malicious app to subtly alter media files sent through the services.
While they’re known for strongly encrypting messages in transit, apps like WhatsApp and Telegram may not always be able to keep files safe after they’re on your phone. Researchers from Symantec explain how hackers could use a malicious app to subtly alter media files sent through the services.
On Android, apps can choose to save media, like images and audio files, through either internal storage that’s only accessible through the app, or external storage which is more widely available to other apps. WhatsApp, by default, stores media through external storage, and Telegram does so when the app’s “Save to Gallery” feature is enabled.
According to the researchers, the design means malware with external storage access could be used to access WhatsApp and Telegram media files, maybe even before the user sees them. If a user downloads a malicious app, for example, and then receives a photo on WhatsApp, a hacker could manipulate the image without the receiver ever noticing. A hacker could theoretically alter an outgoing multimedia message as well.
The researchers call the attack “Media File Jacking.” In many ways, it’s a known issue and a trade-off between privacy and accessibility for messaging apps on Android. By using the external storage setting, which is widely used, apps are more compatible with others, allowing pictures and other data to move more freely. But that comes with a cost: last year, researchers pointed out similar issues.
Telegram did not immediately respond to a request for comment. A WhatsApp spokesperson said changing its storage system would limit the service’s ability to share media files, and even introduce new privacy issues. “WhatsApp has looked closely at this issue and it’s similar to previous questions about mobile device storage impacting the app ecosystem,” the spokesperson said in a statement. “WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development.”
Still, these aren’t just any messaging apps. As the researchers point out, users generally trust encrypted apps “to protect the integrity of both the identity of the sender and the message content itself.”
“However,” the researchers write, “as we’ve mentioned in the past, no code is immune to security vulnerabilities.”
Delhi schools to enforce minimum age of 6 for Class 1 from 2026-27
.jpg&w=256&q=75)
Amit Shah visits Chattisgarh's Nava Raipur: vows relentless anti‑Maoist drive and highlights smart city growth
.jpg&w=256&q=75)
Flash flood in Balasore inundates 61 villages, leaving over 50,000 affected
.jpg&w=256&q=75)
Egyptian foreign minister postpones India visit amid tensions over US strikes on Iran
.jpg&w=256&q=75)
Trump’s proposed STEM budget cuts spark concern amid global tech race; judge blocks key funding cap
Flash flood in Balasore inundates 61 villages, leaving over 50,000 affected
Egyptian foreign minister postpones India visit amid tensions over US strikes on Iran
.jpg&w=256&q=75)
Tehran reports no radiation leaks after US strikes on nuclear sites, warns of retaliation
.jpg&w=256&q=75)
India expands Operation Sindhu to evacuate Nepalese and Sri Lankan nationals from Iran
.jpg&w=256&q=75)
Modi leads India’s 11th International Yoga Day in Vizag under “Yoga for One Earth, One Health” theme
Delhi schools to enforce minimum age of 6 for Class 1 from 2026-27
Amit Shah visits Chattisgarh's Nava Raipur: vows relentless anti‑Maoist drive and highlights smart city growth
Flash flood in Balasore inundates 61 villages, leaving over 50,000 affected
Egyptian foreign minister postpones India visit amid tensions over US strikes on Iran
Trump’s proposed STEM budget cuts spark concern amid global tech race; judge blocks key funding cap
Flash flood in Balasore inundates 61 villages, leaving over 50,000 affected
Egyptian foreign minister postpones India visit amid tensions over US strikes on Iran
Tehran reports no radiation leaks after US strikes on nuclear sites, warns of retaliation
India expands Operation Sindhu to evacuate Nepalese and Sri Lankan nationals from Iran
Modi leads India’s 11th International Yoga Day in Vizag under “Yoga for One Earth, One Health” theme
Copyright© educationpost.in 2024 All Rights Reserved.
Designed and Developed by @Pyndertech