Although it is known that it strongly encrypts messages during transmission, it is possible that applications such as WhatsApp and Telegram can not keep their files on their phone securely. Today, Symantec researchers explain how hackers can use malicious applications to subtly alter media files sent through a service.
Android can store media such as images and audio files. Applications or external storage that is more widely available in other applications. WhatsApp saves the media through external storage by default, and the telegram is made when the "Save in Gallery" function of the application is enabled.
Researchers say that design options can access WhatsApp using malware with external storage access. Send the media file, perhaps before the user sees it. For example, if a user downloads a malicious application and then receives a picture of WhatsApp, the hacker can manipulate the image to prevent the recipient from being detected. Multimedia messages sent by hackers can also be modified theoretically.
Researchers call the attack "multimedia file trimming." This is a known problem in many aspects and is a balance between privacy and accessibility of messaging applications on Android. With popular external storage configurations, your applications are compatible with other storage, so you can move your photos and other data more freely. But it has cost me. Last year, researchers pointed to similar problems.
The telegram did not respond immediately to the request for comments. The WhatsApp spokesperson said that changing storage systems could limit the ability of the service to share multimedia files and even raise new privacy issues. "WhatsApp has been analyzed carefully for this problem and is similar to the previous questions about the storage of mobile devices that affect the application ecosystem," a spokesperson said in a statement. "WhatsApp is the latest version of the operating system"
But these are not messaging applications. As the researchers have pointed out, users are usually asked to "guarantee the integrity of the sender's identity and the content of the message." We rely on the encrypted application to protect it.
"But as we mentioned in the past, there is no code that is immune to security vulnerabilities."