Published on July 15th, 2019 📆 | 7882 Views ⚑
0WhatsApp security flaw gives hackers access to personal media on your phone
Much has been said about the way that messaging apps such as WhatsApp and Telegram protect users by encrypting your messages and media as you send it from your handset to its recipient.
Whatsapp and Telegram use very robust end-to-end encryption to ensure your messages remain private. However, security specialists are warning against âMedia File Jackingâ.
What is Media File Jacking?
Media File Jacking is an exploit that takes advantage of permissions giving apps access to external storage. It could allow malicious apps to access media once it reaches your phone.
Whatsapp will save media to external storage by default while Telegram will use external storage when you select the âsave asâ option.
Apps with malicious intentions and the correct permissions could then manipulate the image before the user has even seen the original.
According to CNet, researchers tested malware it created to manipulate image and audio files sent through WhatsApp and Telegram:
âIn a demo clip, a person sent a photo of two friends. The malware on the recipientâs device automatically replaced it with the actor Nicolas Cage over their faces.â
Whatsapp and Telegram arenât really to blame on this one.
Also read â WhatsApp is testing a feature to share your status to Facebook and Instagram
How Android and WhatsApp handles storage permissions
No one is claiming thereâs any vulnerability in their encryption; however, this problem speaks to a more significant problem with Android and the way it handles storage permissions.
âWhatsApp has looked closely at this issue. Itâs similar to previous questions about mobile device storage impacting the app ecosystem,â a WhatsApp spokesperson told The Verge.
As soon as we need access to media that arrives during secure channels, we also need to give access to any person or app that has managed to get the same permissions.
How to prevent your WhatsApp media from being hacked
Prevention is still better than cure. Your best defence is still to make sure you donât grant permissions to applications that they shouldnât need to perform their function.
A running app would need access to your location, but the game youâre playing probably doesnât.
âWhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Androidâs ongoing developmentâ, the Whatsapp statement continued.
As good as Whatsapp and Telegramâs encryption is, you cannot assume that your media, messages and the identity of the senders and recipients are 100% secure when you have any non-factory apps running on your phone.
Watch: Media File Jacking explained
Also read â A perfect social media storm: Why WhatsApp, Facebook and Instagram go down simultaneously
Gloss