Criminals can manipulate media files transmitted by users via WhatsApp and Telegram messengers.
The problem is that the Android mobile operating system allows applications to access files in external storage, Symantec experts warn. The researchers described the attack, which they called Media File Jacking.
Using this method, a malicious Android application that holds permission to write to external storage can modify files sent or received through WhatsApp and Telegram at the moment they are written to disk or loaded into the application's interface.
“Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain,” Symantec experts report.
The attack works against WhatsApp with its default settings and against Telegram if the “Save to Gallery” option is enabled.
The experts demonstrated how the attack can be used to manipulate images, invoices and audio files. According to them, manipulation of invoices carries quite serious consequences for victims: an attacker can replace the account number in the document, and as a result the user sends money to a completely different account.
Substitution of audio messages can also harm organizations. In particular, an attacker can replace an audio message with, for example, a request to send presentation slides, or a message asking for funds to be transferred to an account under the attacker's control.
In the case of Telegram, the researchers note, the Media File Jacking method can be used to distribute fakes on reputable news channels.
The researchers have already informed WhatsApp and Telegram about the problem. According to WhatsApp, the flaw should be fixed by Google; Telegram has not commented on the situation.
In Android Q, Google will introduce a new feature called Scoped Storage, which changes how applications access files in external storage.
As Symantec notes, the new functionality will prevent Media File Jacking attacks; however, a large number of users will remain at risk, given that Android Q is not yet widely available and, besides, not all devices will be updated to the latest OS release.
In this regard, the experts suggest that application developers implement mechanisms to check the integrity of files before they are loaded into the application, and that they encrypt the files.
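The following Java class is an added example, not code from Symantec, WhatsApp or Telegram, showing the two developer-side defenses just described: record a hash of the media bytes before they touch external storage and refuse to load the file if the hash no longer matches, and keep the file encrypted (AES-GCM, with the file name bound as associated data) while it sits in shared storage. It assumes the app already has the media bytes in memory from its own transport, and that the hash and key are kept in app-private storage (on Android, the internal files directory or the Android Keystore); the class name, method names and the temp-directory stand-in for external storage are all hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Hypothetical helper (added example, not any messenger's real code).
 * Assumes the hash and key live in app-private storage that other apps cannot read.
 */
public final class MediaFileGuard {
    private static final int GCM_TAG_BITS = 128;
    private static final int GCM_IV_BYTES = 12;
    private static final SecureRandom RNG = new SecureRandom();

    private MediaFileGuard() {}

    /** SHA-256 over the bytes as received from the server, before any disk write. */
    public static byte[] digest(byte[] media) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(media);
    }

    /** Write to external storage; the returned hash must be kept in private storage. */
    public static byte[] storeWithDigest(Path externalFile, byte[] media)
            throws IOException, GeneralSecurityException {
        byte[] expected = digest(media);   // hashed from memory, not re-read from disk
        Files.write(externalFile, media);
        return expected;
    }

    /** Read once, verify the same bytes that are returned; null means "do not display". */
    public static byte[] loadIfIntact(Path externalFile, byte[] expectedDigest)
            throws IOException, GeneralSecurityException {
        byte[] actual = Files.readAllBytes(externalFile);
        return MessageDigest.isEqual(expectedDigest, digest(actual)) ? actual : null;
    }

    /** Fresh 256-bit AES key; on Android this should be generated in the Keystore. */
    public static SecretKey newKey() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return new SecretKeySpec(raw, "AES");
    }

    /** AES-GCM with the file name as AAD; output layout is IV || ciphertext || tag. */
    public static byte[] encrypt(SecretKey key, String fileName, byte[] plain)
            throws GeneralSecurityException {
        byte[] iv = new byte[GCM_IV_BYTES];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(fileName.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    /** Plaintext, or null if the blob, its tag or the bound file name was altered. */
    public static byte[] decrypt(SecretKey key, String fileName, byte[] blob)
            throws GeneralSecurityException {
        if (blob.length < GCM_IV_BYTES + GCM_TAG_BITS / 8) return null;
        byte[] iv = Arrays.copyOfRange(blob, 0, GCM_IV_BYTES);
        byte[] ct = Arrays.copyOfRange(blob, GCM_IV_BYTES, blob.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(fileName.getBytes(StandardCharsets.UTF_8));
        try {
            return c.doFinal(ct);
        } catch (AEADBadTagException e) {
            return null;
        }
    }

    /** Constructed demo: a "received" file is stored, overwritten in place, and rejected. */
    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("mfj-demo");   // stands in for external storage
        Path img = dir.resolve("invoice.jpg");
        byte[] received = "constructed sample image bytes".getBytes(StandardCharsets.UTF_8);

        byte[] expected = storeWithDigest(img, received);
        System.out.println("untouched file loads: " + (loadIfIntact(img, expected) != null));
        Files.write(img, "same file, altered on disk".getBytes(StandardCharsets.UTF_8));
        System.out.println("altered file loads:   " + (loadIfIntact(img, expected) != null));

        SecretKey key = newKey();
        byte[] blob = encrypt(key, "invoice.jpg", received);
        blob[blob.length - 1] ^= 0x01;   // flip one bit of the GCM tag
        System.out.println("altered blob decrypts: " + (decrypt(key, "invoice.jpg", blob) != null));
    }
}
```

The integrity check hashes the bytes the app already holds in memory rather than re-reading the file after writing it, so another app writing to the same path cannot influence the recorded value; loading then reads the file exactly once and verifies the same buffer it hands to the caller, which avoids a check-then-use gap. Binding the file name as associated data means a valid ciphertext copied from one media file onto another fails to decrypt.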
Mitigation
IM app users can mitigate the risk of Media File Jacking by disabling the feature that saves media files to external storage.
WhatsApp: Settings -> Chats -> Media Visibility
Telegram: Settings -> Chat Settings -> Save to Gallery