WhatsApp is by far the most popular messaging platform in India, with at least 3 out of every 5 Indians using the app.
And why not? It's free, convenient, connects you with everyone, and has end-to-end encryption. But sometimes, that security fails us.
Cybersecurity researchers at Symantec have discovered an exploit in both WhatsApp and Telegram that exposes your personal photos and documents to attackers. Dubbed Media File Jacking, the security flaw is caused by a time lag between when you receive images in chat and when they're downloaded and written to your storage.
The thing is, people wouldn't expect this sort of vulnerability because the two apps keep going on about their end-to-end encryption, which should keep their chats safe. So that makes this flaw more problematic.
When hackers abuse this flaw, they don't just get access to steal your photos; with the right tools, they could also manipulate them in real time. For instance, if you've downloaded a malicious app that exploits this flaw, it could alter photos you receive in real time, without you even realizing it.
Another trick Symantec hypothesized is an attacker manipulating an invoice sent to a customer, so they end up paying the amount to the hacker instead of the person it's meant to go to.
We've also already seen how scammers are using AI to fake people's voices in order to carry out phone call phishing attacks. That sort of AI can very easily be applied to audio messages recorded and sent in instant messengers in order to cause trouble.
And in Telegram especially, a lot of people follow 'channels' on the app as a sort of news source. Yet, thanks to this flaw, an attacker can alter media files while they're in transit, spreading fake news among recipients to incite terror or violence.
Symantec did notify both WhatsApp and Telegram about the security loophole before going public, given that they would otherwise be endangering the apps' combined user base of over 1.5 billion. WhatsApp subsequently released a statement saying it has "looked closely at this issue and it's similar to previous questions about mobile device storage impacting the app ecosystem." Basically, they say implementing the changes Symantec suggests could compromise the privacy of users and limit their ability to share files, implying they're not currently putting in a fix.
If you want to protect yourself, the security researchers suggest disabling the feature in your app that saves media files to external storage. In WhatsApp, you do that by going to Settings, clicking on the 'Chats' tab, and then turning off the feature 'Media Visibility'.
In Telegram, you go to your settings and the 'Chat Settings' under that, and turn off 'Save to Gallery'.
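For app developers, the gap described above (a file sits on shared storage between being written and being shown) can be closed by recording a digest when the file is received and checking it again before display. The sketch below is an added example, not code from Symantec, WhatsApp or Telegram; the `MediaStore` class, its method names and the sample invoice text are hypothetical, and an in-memory dictionary stands in for app-private storage.

```python
import hashlib
import hmac
import os
import tempfile


class MediaStore:
    """Writes received media to a shared directory, keeps digests privately."""

    def __init__(self, shared_dir):
        self.shared_dir = shared_dir
        self._digests = {}  # assumption: stands in for app-private storage

    def save_received(self, name, data):
        """Record the digest of the received bytes, then write to shared storage."""
        self._digests[name] = hashlib.sha256(data).digest()
        path = os.path.join(self.shared_dir, name)
        with open(path, "wb") as f:
            f.write(data)
        return path

    def load_for_display(self, name):
        """Read the file once; return its bytes only if the digest still matches."""
        expected = self._digests.get(name)
        if expected is None:
            raise KeyError(f"no digest recorded for {name}")
        with open(os.path.join(self.shared_dir, name), "rb") as f:
            data = f.read()  # single read: the verified bytes are the displayed bytes
        if not hmac.compare_digest(hashlib.sha256(data).digest(), expected):
            raise ValueError(f"{name} was modified after it was received")
        return data


def demo():
    """Constructed scenario: a file changes on shared storage before display."""
    with tempfile.TemporaryDirectory() as shared:
        store = MediaStore(shared)
        path = store.save_received("invoice.txt", b"Pay account 1111")  # constructed
        untouched = store.load_for_display("invoice.txt")
        with open(path, "wb") as f:  # stands in for another process rewriting the file
            f.write(b"Pay account 9999")
        try:
            store.load_for_display("invoice.txt")
            tamper_detected = False
        except ValueError:
            tamper_detected = True
        return untouched, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The check only helps if the digest lives somewhere other apps cannot write, and if the bytes that were verified are the same bytes handed to the viewer rather than a second read of the file.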