Tuesday 16 July 2019

WhatsApp and Telegram media files can be hacked

The security flaw, dubbed "Media File Jacking", affected WhatsApp for Android by default, and Telegram for Android if certain features were enabled, Symantec researchers said in a blog post.




According to the researchers, WhatsApp saves files to external storage automatically, while Telegram does so when the "Save to Gallery" feature is enabled. However, neither app has any system in place to protect users from a Media File Jacking attack, the researchers from Symantec's Modern OS Security team explained.

Researchers at software company Symantec exposed a vulnerability which lets hackers change media files in the Android versions of encrypted messaging apps WhatsApp and Telegram.

HIGHLIGHTS

A new vulnerability affecting the Android versions of WhatsApp and Telegram has been discovered.

The security flaw allows hackers to manipulate media files after they reach the users’ smartphones.

Hackers can also broadcast fake news using the security flaw, called Media File Jacking.

What can hackers do?




Hackers, on gaining access to the users' media files, can manipulate not only their images and audio files but also their payments. As per the Symantec blog, hackers can manipulate your personal photo in near real-time without you ever knowing about the hack.

They can use voice reconstruction technology to change the audio messages. They can broadcast fake news in Telegram channels and, lastly, they can also manipulate an invoice sent by a vendor to a customer, to trick the customer into making a payment to an illegitimate account.

How do they do it?

This may sound surreal given the buzz created by E2E encryption, but it isn't. Hackers in this case take advantage of the way these two popular applications work. Here is how the security flaw allows hackers to manipulate your media files:

Android smartphones, as software engineer Alon Gat explained, can store data in two locations: internal and external. While the internal storage is safe, as it can be accessed only by the app, the external storage isn't as safe, as data there is saved to a public directory and can be modified by other apps or users.




There is a time lag between when the media files are received and written to the disk and when they are loaded in the app for consumption by the user.

During this time lag, malicious hackers can install their malware that would allow them to manipulate the received media files or even replace them with the media files of their choice.

"Think of it like a race between the attacker and the app loading the files. If the attacker gets to the files first - this can happen almost in real time if the malware monitors the public directories for changes - recipients will see the manipulated files before ever seeing the originals. Moreover, the thumbnail that appears in the notification that users see will also show the manipulated image or file, so recipients will have no indication that files were changed," Symantec wrote on its blog.

What's concerning is that on WhatsApp, this attack can be launched not only when sending the media files, which means that the attack is launched on the sender's device, but also when receiving the media files, which means that the attack is happening on the receiving device.

How can we save our data?




The report noted that developers should validate the integrity of files, or keep them in the internal storage. The problem happens when the app stores the media files in the external storage.

In addition, the upcoming “Scoped Storage” feature in Android Q will also help prevent such attacks. Symantec noted that it has already notified Telegram and Facebook about the flaw.
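The integrity validation recommended above can be sketched as follows. This is an added example, not code from Symantec, WhatsApp or Telegram. It assumes a temporary directory standing in for Android external storage and an in-memory dictionary standing in for app-private internal storage; the `MediaStore` class and the sample invoice are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


class MediaStore:
    """Writes media to a shared directory and keeps SHA-256 digests privately."""

    def __init__(self, external_dir):
        self.external_dir = external_dir  # stand-in for public external storage
        self._digests = {}                # stand-in for app-private internal storage

    def save(self, name, data):
        # Hash the bytes held in memory, never a re-read of the shared file.
        self._digests[name] = hashlib.sha256(data).digest()
        path = os.path.join(self.external_dir, name)
        with open(path, "wb") as f:
            f.write(data)
        return path

    def load_verified(self, name):
        """Return the file bytes only if they still match the recorded digest."""
        path = os.path.join(self.external_dir, name)
        with open(path, "rb") as f:
            data = f.read()  # read once; hash and return the same buffer
        expected = self._digests.get(name)
        actual = hashlib.sha256(data).digest()
        if expected is None or not hmac.compare_digest(actual, expected):
            raise ValueError(f"integrity check failed for {name}")
        return data


def demo():
    """Constructed scenario: the file changes between being written and loaded."""
    with tempfile.TemporaryDirectory() as external:
        store = MediaStore(external)
        invoice = b"Pay to account 1111 (constructed sample)"
        path = store.save("invoice.pdf", invoice)
        untouched_ok = store.load_verified("invoice.pdf") == invoice
        with open(path, "wb") as f:  # simulated modification by another app
            f.write(b"Pay to account 9999 (constructed sample)")
        try:
            store.load_verified("invoice.pdf")
            tamper_detected = False
        except ValueError:
            tamper_detected = True
        return untouched_ok, tamper_detected
```

Reading the file once and hashing that same buffer matters: verifying the file and then opening it again to display it would reopen the time lag described above.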
