Media files transmitted by popular instant messaging (IM) apps such as Telegram and WhatsApp may be vulnerable to cyber-criminals due to the "Media File Jacking" flaw, as per a new research.
This research conducted, and detailed in a report, by popular eSecurity firm Symantec, states that the endpoints, while messages are transmitted, could be exploited by malicious agents. The report also adds that the Media File Jacking security flaw makes WhatsApp (on Google Android platforms) media files vulnerable whilst also affecting Telegram (for Android) files in case select functionality of the app is turned on.
Now, the Symantec report details that the time elapsed between the period when media files through the instant messaging apps are received, store don the disk, and presented to the user interface (UI) so that users check out the received media. This time period is said to be critical as far as the Media File Jacking execution is concerned.
Folks at Symantec iterate the fact that in case malicious elements get in between the time lapse period (as stated above), then there is an apparent opportunity for accessing users’ personal documents transmitted as media files by the IMs.
“However, as we’ve mentioned in the past, no code is immune to security vulnerabilities,” re-iterate Symantec folks.
At this point in time, it is worth remembering that both WhatsApp and Telegram employ end-to-end encryption techniques; meaning user files are technically secure till they are received by the designated recipient; hence, the above Symantec report could be “theoretical” as of now. Hence, WhatsApp and Telegram users potentially have nothing to fear for now; both WhatsApp and Telegram are yet to come out with official statements regarding the above research.
Nonetheless, Symantec has detailed technically the possibility and apparent modus-operandi of the Media File Jacking. Click here to check these technical details out.
Also Read: Fake Messages Threatening WhatsApp Users About Paying For WhatsApp Usage, Switching Off Service Spreads, Simply Delete Such Messages