July 17, 2019 08:15 AM
Updated July 17, 2019 at 08:17
While they are known for encrypting messages, experts have discovered a vulnerability in Android's WhatsApp and Telegram that can corrupt files sent through two messaging applications.
A researcher at Symantec, a cyber security company, has announced a way for hackers to use malicious code to change multimedia files sent through a service they do not know about.
This vulnerability is called "Media File Jacking".
The vulnerability occurs between the time that a multimedia file received through an application is written to the smartphone's external memory and the time it is loaded into the application's chat interface, Symantec explained on its blog.
"After this long period of time, malicious actors have the opportunity to intervene and manipulate multimedia files without the user's knowledge."
Android applications can store files and information in two locations, internal and external.
For internal storage, the file can only be accessed through the application itself, so no other application can access it.
However, other applications can access files stored in external storage.
According to Android, "Internal storage is better if you do not want users or other applications to access the file."
Conversely, "external storage is the best place for files that do not require access restrictions and files that you want to share with other applications or allow users to access your computer."
Image captions By default, WhatsApp stores files in external storage (GETTY IMAGES).
By default, WhatsApp saves files to external storage and saves them when the application's "Save to Gallery" feature is enabled.
This means that if you have malicious applications that have access to external storage or have downloaded them, you can use it to access and manipulate multimedia files in Whatsapp and Telegram.
For example, if a user receives a picture from WhatsApp, malware can manipulate the image without the recipient being aware of it.
How to Protect Yourself
To reduce the risk, you can disable automatic storage of files from external storage in WhatsApp and Telegram.
For the auto-launching Whasapp, you need to go to the Settings> & # 39; Chat & # 39; menu and disable the & # 39; visibility of multimedia files & # 39; option.
For telegrams, external storage is not enabled by default, but if enabled, you can disable the & # 39; Save to Gallery & # 39; option by going to Settings> Chat settings.
Image caption templates only store files in external storage ("GETTY IMAGES") if the "Save to Gallery" feature is enabled.
In order to fix the vulnerability, Symantec has made several recommendations to WhatsApp and Telegram about changes to file validation and storage.
However, changing the storage system could limit the ability of the service to share multimedia files and other privacy issues, WhatsApp said.
"WhatsApp has carefully analyzed this issue and is similar to previous questions about mobile device storage affecting the application ecosystem," WhatsApp said in a statement.
"WhatsApp follows the latest best practices for operating systems for media storage devices, and we look forward to continuing development of Android to deliver online updates."
I did not give an immediate ruling on this matter.