A Minor loophole can expose WhatsApp and Telegram to a variety of malicious attacks

On Monday, a Cybersecurity firm named Symantec found a loophole in WhatsApp and Telegram that could risk the user’s privacy.

When a user receives a media file, this security flaw dupes the media file through the app to a disk and loads it in app’s chat user interface making the IM apps immune to all sorts of privacy risks.

WhatsApp and Telegram exploit that could give access to a lot of hackers

Symantec revealed about the exploit that could help hackers easily access personal data. WhatsApp and Telegram are collectively used by more than 1.5 billion users from all over the world. This loophole makes the apps vulnerable to all sorts of malicious attacks.

Response from WhatsApp

Symantec notified Telegram and WhatsApp about this vulnerability. In that issue, WhatsApp responded by stating that this is was analyzed closely and it’s similar to the previous issues regarding mobile storage affecting the app ecosystem, they currently follow strong strategies to provide a secured Operating System and is looking forward to providing more updates to eliminate any sort of bugs.

Privacy Risk for users

With this type of exploit users can face various privacy threats that could result in their media being manipulated. An attacker could easily use their private information and use it to blackmail sender or receiver for personal gain or to create chaos.

Voice manipulation: "In this scenario, an attacker exploits the relations of trust between employees in an organization" by sending manipulated audio messages.

Fake news: Admins use the concept of “channels” to broadcast a variety of messages to a a large number of subscribers, an attack can modify and manipulate the files in the channel to spread false news.

Payment Spamming: With this type of threat any person can be tricked to make payment to their account without anyone noticing anything wrong, just by swapping the main information on invoice.

Image Manipulation: We often ignore this sort of malicious act but the attack can manipulate user’s personal photos in near-real-time and without the knowledge of users.

Fake apps

Recently, Symantec discovered a malicious app named MobonoGram2019 promoting itself as the unofficial version of Telegram messaging app. Although on the front end the app performs perfectly normal functions it secretly runs services on the device without user’s approval. This app was downloaded more than 100,000 times before it was detected and removed from the App store.

Bottom Line

Users usually trust instant messaging apps like WhatsApp and Telegram to protect their data of both sender and the message content itself but one thing to keep in mind that there is no code that is immune to security vulnerabilities so try to be safe. "IM app users can mitigate the risk Media File Jacking by disabling the feature that saves media files to external storage."

Read next: WhatsApp users anticipate the new privacy feature promised months ago

Featured photo: MattiaMarasco / Getty Images
Previous Post Next Post