It’s one of the most popular messaging apps around, but a new study may make you reconsider what you send on WhatsApp .
Researchers from Symantec have discovered a flaw in both WhatsApp and Telegram that could let hackers manipulate your private photos and videos.
The flaw, dubbed ‘Media File Jacking’, stems from the lapse in time between when media files are received through the apps, and when they’re loaded into the chat user interface.
Symantec explained: “This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge.”
If hackers manage to gain access to your phone through another malicious app, this time lapse could allow them to gain access to, and even manipulate, your data.
In their study, Symantec highlighted four key ways that hackers could exploit the vulnerability.
Firstly, hackers could manipulate images received through your WhatsApp.
Symantec explained: “A WhatsApp user may send a family photo to one of their contacts, but what the recipient sees is actually a modified photo.
“While this attack may seem trivial and just a nuisance, it shows the feasibility of manipulating images on the fly.”
Another way the flaw could be exploited is through payment manipulation, which Symantec describes as ‘one of the most damaging attacks.’
In this attack, the hacker would manipulate an invoice sent by a vendor to a customer, tricking the customer into making a payment to a fake account.
Meanwhile, other attacks could include audio message spoofing and fake news.
Symantec said: “The Media File Jacking threat is especially concerning in light of the common perception that the new generation of IM apps is immune to content manipulation and privacy risks, thanks to the utilisation of security mechanisms such as end-to-end encryption.”
Source: Read Full Article