According to new research by Symantec, a new security flaw called 'Media File Jacking' could expose WhatsApp and Telegram media files on Android devices and it could be manipulated by malicious actors too. The media files and sensitive information could be misused if the security flaw is exploited. The 'Media File Jacking' security flaw affects WhatsApp for Android by default and the report reveals that it also affects Telegram for Android if certain features are enabled. The flaw is originated from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface for users to consume. This time-lapse gives the opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge. WhatsApp supports an end to end encryption and Telegram provides end-to-end encryption for voice calls and optional end-to-end "secret" chats. But in spite of this, attackers may be able to successfully manipulate media files by taking advantage of logical flaws in the apps, that occur before and/or after the content is encrypted in transit, reveals the research. The findings also reveal that files saved to external storage are world-readable/writable and could be modified by other apps ...
Read Here»
Post a Comment Blogger Facebook
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. As the comments are written and submitted by visitors of The Sheen Blog, they in no way represent the opinion of The Sheen Blog. Let's work together to keep the conversation civil.