WhatsApp flaw lets hackers 'wreak havoc' with your pictures and videos
Security vulnerability, which also affects Telegram, allows malicious actors to misuse and manipulate sensitive information
A major security flaw with WhatsApp and Telegram could allow hackers to view and manipulate people’s private photos, videos and voice memos.
Researchers from cyber security firm Symantec uncovered the ‘Media File Jacking’ vulnerability, which they claim affects the Android versions of the popular messaging apps.
If exploited, attackers could “misuse and manipulate sensitive information” from a person’s WhatsApp or Telegram, the researchers warned, either “for personal gain or to wreak havoc”.
Both messaging apps offer security to their users through end-to-end encryption, which is designed to protect the identity of the sender and prevent hackers from intercepting the content of messages.
While this works to a certain extent, the Symantec researchers said it actually gave users a false sense of security when using WhatsApp and Telegram.
“The common perception [is] that the new generation of Instant Messaging apps is immune to content manipulation and privacy risks,” the researchers wrote in a blog post that details their findings.
“While end-to-end encryption is an effective mechanism to ensure the integrity of communications, it isn’t enough if app-level vulnerabilities exist in the code.”
The vulnerabilities uncovered by the researchers allow malicious actors to access and manipulate media files by taking advantage of flaws in the apps that occur before or after the content is encrypted in transit.
The ability to manipulate images and other media files could have serious implications if it was used, for example, on public figures. Researchers said it could have wide-reaching consequences if the media files of "a politician running for office or a company executive" were manipulated.
The issue exists in WhatsApp by default in Android, while Telegram is affected if the 'Save to Gallery' feature is enabled.
Symantec researchers warned that neither app has any measure in place to protect their users from a Media File Jacking attack. The Independent has contacted Telegram and WhatsApp for comment on the issue.
The next version of Google's mobile operating system, Android Q, will see changes that may help prevent abuse of the security flaw, though users of the apps can also take action now to avoid falling victim to it.
"Users can mitigate the risk of Media File Jacking by disabling the feature that saves media files to external storage," the researchers wrote, advising users to access the apps' settings in order to do this.