July 16, 2019 By David Bisson 2 min read

Security researchers discovered a Telegram and WhatsApp vulnerability that could enable digital attackers to tamper with media files.

Symantec traced the bug, which it dubbed media file jacking, to both WhatsApp’s default configuration and an optional Telegram setting on Android devices whereby the apps store media files in external storage without proper security measures. This could enable attackers to manipulate the media files and change their content without users’ knowledge — all they would need is another Android app with the write-to-external storage permission.

Specifically, the researchers found that threat actors could change the content of image files received by either service. They could also use the concept of channels to essentially broadcast fake news or spoof audio messages. Perhaps most concerning, attackers could abuse the Telegram and WhatsApp vulnerability to manipulate invoices sent to users and trick them into submitting payments to an account under their control.

A Year of Telegram and WhatsApp Vulnerabilities

Other security firms have spotted security weaknesses affecting WhatsApp and Telegram. In August 2018, Check Point found a flaw that could enable threat actors to intercept and manipulate messages received in private and group conversations. This discovery came several months before Reuters reported on a vulnerability that allowed entities such as the NSO Group to inject spyware onto mobile devices by abusing WhatsApp’s voice-calling feature.

As for Telegram, researchers at Kaspersky Lab came across a flaw in the service’s Windows client in February 2018 that enabled threat actors to launch a right-to-left override attack whenever a user sent a message. Less than a year later, Forcepoint Security Labs discovered that digital attackers were using the Telegram Bot application programming interface (API) as command-and-control (C&C) infrastructure for their malware attacks.

How to Defend Against Media File Jacking Attacks

Security professionals can help defend their organizations against media file jacking flaws by using a unified endpoint management (UEM) tool to monitor their apps for suspicious behavior and address any malicious activity.

Additionally, if the organization develops its own apps, security professionals should strive to create a healthy application security culture by testing and hardening application code, completed apps and back-end services.

More from

Poland spending $760 million on cybersecurity after attack

3 min read - Visitors to the Polish Press Agency (PAP) website on May 31 at 2 p.m. Polish time were met with an unusual message. Instead of the typical daily news, the state-run newspaper had supposedly published a story announcing that a partial mobilization, which means calling up specific people to serve in the armed forces, was ordered by Polish Prime Minister Donald Tusk beginning on July 1, 2024. Deputy Prime Minister Krzysztof Gawkowski refuted the claim on X (formerly Twitter). His post…

How generative AI Is expanding the insider threat attack surface

3 min read - As the adoption of generative AI (GenAI) soars, so too does the risk of insider threats. This puts even more pressure on businesses to rethink security and confidentiality policies.In just a few years, artificial intelligence (AI) has radically changed the world of work. 61% of knowledge workers now use GenAI tools — particularly OpenAI’s ChatGPT — in their daily routines. At the same time, business leaders, often partly driven by a fear of missing out, are investing billions in tools…

Water facilities warned to improve cybersecurity

3 min read - United States water facilities, which include 150,000 public water systems, have become an increasingly high-risk target for cyber criminals in recent years. This rising threat has demanded more attention and policies focused on improving cybersecurity.Water and wastewater systems are one of the 16 critical infrastructures in the U.S. The definition for inclusion in this category is that the industry must be so crucial to the United States that “the incapacity or destruction of such systems and assets would have a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today