WhatsApp users alert! Your media files could be manipulated by hackers
WhatsApp saves files to external storage automatically and doesn't have any system in place to protect users from a Media File Jacking attack. The attackers could exploit this vulnerability to scam victims in various ways, the research team explained.
If you are a Whatsapp user and thought that instant messaging platforms provide end-to-end encryption to give you rock-solid security, than its time to think again. Researchers from cyber-security firm Symantec have revealed vulnerabilities that allowed hackers to manipulate the images and audio files you receive on these platforms. WhatsApp saves files to external storage automatically and doesn't have any system in place to protect users from a Media File Jacking attack. The attackers could exploit this vulnerability to scam victims in various ways, the research team explained.
If this security flaw is exploited by the attacker, your personal information could be misused and manipulated. This makes your personal photos, videos, corporate documents, invoices, and voice memos etc all are at risk of hacking. Check top danger points and how WhatsApp is linked:
1. The app runs in the background and performs a 'Media File Jacking attack' while the victim uses WhatsApp. It monitors photos received through the app, identifies faces in photos, and replaces them with something else, such as other faces or objects.
2. A WhatsApp user may send a family photo to one of their contacts, but what the recipient sees is actually a modified photo. While this attack may seem trivial and just a nuisance, it shows the feasibility of manipulating images on the fly.
3. Using the same vulnerability, the attackers could make payment manipulation, audio message spoofing or spread fake news.
4. Reports in May revealed that a bug in WhatsApp's audio call feature allowed hackers to install spyware onto Android and iOS phones just by calling the target. The spyware was reportedly developed by the Israeli cyber intelligence company NSO Group.
However, WhatsApp had said it identified and 'promptly' fixed the vulnerability that could enable an attacker to insert and execute code on mobile devices.