Researchers manipulate WhatsApp media files via external Android storage


Symantec researchers have used Android’s external storage to manipulate media files received via WhatsApp or Telegram. This is a known vulnerability on Android surrounding the use of external storage.

Symantec calls the vulnerability Media File Jacking. It affects WhatsApp for Android by default, because WhatsApp saves received media files to external storage by default. With Telegram, this is only the case if the app is specifically set to do so. The vulnerability lies in the time between saving a received media file and loading it in the interface of either chat app. This gap gives attackers an opportunity to, for example, alter images, although malware must first be installed on the phone. In the time between the file being saved and loaded, the malware can analyze the content and then manipulate or replace it.

If, for example, images received through WhatsApp are written to the device's internal storage, the files can only be used by the app itself and other apps cannot access them. That is not so with external storage, where other apps can reach the files. Apps that request the necessary permission, WRITE_EXTERNAL_STORAGE, are quite common on Android, so the researchers state that an unsuspecting user will not hesitate to grant it.

In fact, this is part of a broader issue: the potentially insecure way in which apps use storage on Android devices. Researcher Slava Makkaveev already showed a year ago that Android's external storage can be used to penetrate the sandbox of apps and, for example, install a malicious app. Such an attack requires that a 'harmless' app with permission to write to external storage is already on the device.

Symantec has notified both WhatsApp and Telegram of its findings. The most effective solution is to prevent the apps from writing files to external storage, which means using internal storage instead. CNET, among others, reports that WhatsApp, through a spokesperson, says that this example is similar to previous issues surrounding mobile device storage and its impact on the app ecosystem. However, using internal storage is not recommended, according to WhatsApp, because it would create privacy issues and not all devices would have enough internal storage.
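
The following is an added example, not code from Symantec, WhatsApp or Telegram. It models how an app that keeps media on external storage could detect a change made in the gap between saving and loading, by hashing the bytes as received and checking the same buffer it is about to display. The names ReceivedMedia and TamperedMediaError are hypothetical, a temporary directory stands in for external storage, and an in-memory dict stands in for app-private internal storage.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


class TamperedMediaError(Exception):
    """Raised when a file changed between save and load."""


class ReceivedMedia:
    """Hypothetical model of a chat app's media handling."""

    def __init__(self, shared_dir):
        self.shared_dir = Path(shared_dir)  # stands in for external storage
        self._digests = {}                  # stands in for app-private storage

    def save(self, name, data):
        # Hash the bytes as received, before they reach shared storage.
        self._digests[name] = hashlib.sha256(data).digest()
        (self.shared_dir / name).write_bytes(data)

    def load(self, name):
        # Read once and verify the same buffer that will be rendered, so
        # there is no second gap between the check and the use.
        data = (self.shared_dir / name).read_bytes()
        expected = self._digests.get(name)
        actual = hashlib.sha256(data).digest()
        if expected is None or not hmac.compare_digest(actual, expected):
            raise TamperedMediaError(name)
        return data


def demo():
    """Return (untouched file loads, modified file is rejected)."""
    with tempfile.TemporaryDirectory() as shared:
        app = ReceivedMedia(shared)
        app.save("img.jpg", b"constructed image bytes")
        loads_ok = app.load("img.jpg") == b"constructed image bytes"
        # Constructed stand-in for another app with storage permission
        # rewriting the file after it was saved.
        (Path(shared) / "img.jpg").write_bytes(b"different bytes")
        try:
            app.load("img.jpg")
            rejected = False
        except TamperedMediaError:
            rejected = True
        return loads_ok, rejected
```

The check only detects the change; the file on external storage remains readable by other apps, which internal storage would prevent.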
