Hackers have devised a new form of stealing sensitive photos or videos sent by WhatsApp users.
That’s the claim from security researchers who’ve discovered that ‘malicious actors’ now know how to ‘expose and manipulate’ files sent using the Facebook-owned app.
Crooks dreamed up a hacking technique called ‘media file jacking’ which takes advantage of the fact there’s a tiny time lapse between the moment when media files received over WhatsApp are saved to disc and then displayed in the software’s user interface.
‘This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge,’ the tech firm Symantec warned.
‘If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos.
‘Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or to wreak havoc.’
The tech firm said WhatsApp users falsely believed the messaging app was bulletproof and immune to hackers, because it uses end-to-end encryption to safeguard the content of messages so only the sender and recipient can read them.
‘While end-to-end encryption is an effective mechanism to ensure the integrity of communications, it isn’t enough if app-level vulnerabilities exist in the code,’ Symantec added.
‘The Media File Jacking threat is especially concerning in light of the common perception that the new generation of IM apps is immune to content manipulation and privacy risks, thanks to the utilization of security mechanisms such as end-to-end encryption.
‘Users generally trust IM apps such as WhatsApp and Telegram to protect the integrity of both the identity of the sender and the message content itself.
‘This is in contrast to older apps/protocols such as SMS, which are known to be spoofed pretty easily.
‘However, as we’ve mentioned in the past, no code is immune to security vulnerabilities.
There’s a simple way to protect yourself: make sure your WhatsApp is updated at all times.
The issue affects Android users, so they should make sure they keep checking for new versions of the software on Google Play.
To update WhatsApp, go to the Play Store, then tap ‘menu’ followed by ‘my apps & games’.
Then tap ‘update’ to install the software.
WhatsApp said it was looking at ways to tackle the problem.
‘WhatsApp has looked closely at this issue and it’s similar to previous questions about mobile device storage impacting the app ecosystem,’ the company said in a statement.
‘WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development.’
Source: Read Full Article