A major security flaw with WhatsApp and Telegram could allow hackers to view and manipulate people’s private photos, videos and voice memos.
Researchers from cyber security firm Symantec uncovered the ‘Media File Jacking’ vulnerability, which they claim affects the Android versions of the popular messaging apps.
If exploited, attackers could “misuse and manipulate sensitive information” from a person’s WhatsApp or Telegram, the researchers warned, either “for personal gain or to wreak havoc”.
Both messaging apps offer security to their users through end-to-end encryption, which is designed to protect the identity of the sender and prevent hackers from intercepting the content of messages.
While this works to a certain extent, the Symantec researchers said it actually gave users a false sense of security when using WhatsApp and Telegram.
“The common perception [is] that the new generation of Instant Messaging apps is immune to content manipulation and privacy risks,” the researchers wrote in a blog post that details their findings.
“While end-to-end encryption is an effective mechanism to ensure the integrity of communications, it isn’t enough if app-level vulnerabilities exist in the code.”
The vulnerabilities uncovered by the researchers allow malicious actors to access and manipulate media files by taking advantage of flaws in the apps that occur before or after the content is encrypted in transit.
The ability to manipulate images and other media files could have serious implications if it was used, for example, on public figures. Researchers said it could have wide-reaching consequences if the media files of "a politician running for office or a company executive" were manipulated.
The issue exists in WhatsApp by default on Android, while Telegram is affected if the 'Save to Gallery' feature is enabled.
Symantec researchers warned that neither app has any measure in place to protect their users from a Media File Jacking attack. The Independent has contacted Telegram and WhatsApp for comment on the issue.
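One protective measure of the kind the researchers found missing, as an added example that is not code from WhatsApp, Telegram or Symantec: the app records a SHA-256 digest in its private storage when a file is received and re-checks the file on shared storage before displaying it. `MediaStore`, the file names and the temporary directories standing in for private and external storage are assumptions made for illustration.

```python
# Added illustration; MediaStore and its storage layout are hypothetical, not any app's real code.
import hashlib
import json
import tempfile
from pathlib import Path


class TamperedMediaError(Exception):
    """Raised when a file on shared storage does not match its recorded digest."""


class MediaStore:
    """Media lives on shared storage; digests live in app-private storage."""

    def __init__(self, private_dir: Path, shared_dir: Path):
        self.index_path = private_dir / "media_digests.json"
        self.shared_dir = shared_dir

    def _index(self) -> dict:
        return json.loads(self.index_path.read_text()) if self.index_path.exists() else {}

    def save_received(self, name: str, data: bytes) -> None:
        """Hash the decrypted bytes in memory first, then write the file out."""
        index = self._index()
        index[name] = hashlib.sha256(data).hexdigest()
        self.index_path.write_text(json.dumps(index))
        (self.shared_dir / name).write_bytes(data)

    def load_for_display(self, name: str) -> bytes:
        """Re-hash what is on shared storage now; refuse unknown or changed files."""
        expected = self._index().get(name)
        data = (self.shared_dir / name).read_bytes()
        if expected is None or hashlib.sha256(data).hexdigest() != expected:
            raise TamperedMediaError(f"{name}: missing or mismatched digest")
        return data


def demo() -> tuple:
    """Returns (untouched file accepted, modified file rejected) on constructed data."""
    with tempfile.TemporaryDirectory() as priv, tempfile.TemporaryDirectory() as shared:
        store = MediaStore(Path(priv), Path(shared))
        store.save_received("IMG-0001.jpg", b"constructed sample bytes")
        accepted = store.load_for_display("IMG-0001.jpg") == b"constructed sample bytes"
        # Another process with storage access rewrites the file after receipt.
        (Path(shared) / "IMG-0001.jpg").write_bytes(b"rewritten by another app")
        try:
            store.load_for_display("IMG-0001.jpg")
        except TamperedMediaError:
            return accepted, True
        return accepted, False
```

The digest index has to stay in storage other apps cannot write to; kept next to the media, it could be rewritten along with the file.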
The next version of Google's mobile operating system, Android Q, will see changes that may help prevent abuse of the security flaw, though users of the apps can also take action now to avoid falling victim to it.
"Users can mitigate the risk of Media File Jacking by disabling the feature that saves media files to external storage," the researchers wrote, advising users to access the apps' settings in order to do this.