A bug exposes photographs and videos that they send through the messaging platform
Messaging applications encrypt your point-to-point messages
That is, no one but the other party and recipient has access to the content, an unprotected point has been detected under this security layer that would allow others to access and manipulate documents through WhatsApp.
The security firm Symantec has warned of a serious security problem that would affect Android phones exclusively (iPhone users would be safe) and that has been baptized as Media File Jacking.
In an article signed by analysts of the firm Yair Amit and Alon Gat, Symantec warns that hackers "Can manipulate multimedia files" both in WhatsApp and Telegram.
What is this security problem?
Experts warn that this vulnerability takes place on the Google mobile platform only when the attachments received by WhatsApp are saved on an external media other than memory.
This occurs when it is selected in the messaging application that the attachments are stored on an external media such as a memory card, and the problem is that WhatsApp uses this storage location by default
That the vulnerability Media File Jacking It takes advantage of the time period in which the attachment travels from the messaging platform to the directory of the external support, which is public, and in that transit the attack can occur.
A malware installed on the mobile of any of the interlocutors could manipulate the image (by artificial intelligence I could recognize faces and replace one with the other), but as experts warn, the hackers They could also modify other types of attachments that are sent more and more frequently by WhatsApp, such as invoices and other types of more compromising documents.
Symantec comes to notice in his entry that the attackers could even manipulate the audios that are sent through the platform, using deep learning systems to imitate voices and eventually request money from the recipient.
Media File Jacking
It could also be a great revulsion for the dreaded bulls (fake news) as they could modify news sent by reliable means if the terminal has been affected by this unprotected flank. Is this vulnerability serious?
"Symantec has no news that this vulnerability has been exploited by the attackers," explains Alon Gat, one of the authors of the document.
However, and until a patch that solves this problem is made public, measures should be taken; in this regard, Gat recommends "Disable the function that archives attachments in external storage". To do this, this expert recommends accessing WhatsApp settings on Android and then deactivating ‘Save in gallery’ attached documents.