Researchers say that the files or videos that you get can be hacked before sharing any files or imported documents, once you are thinking that you are not in a deeper pit.
The security flaw, dubbed “Media File Jacking”, affected WhatsApp for Android by default, and Telegram for Android if certain features were enabled.
San Francisco: If you thought texting platforms like WhatsApp and Telegram that give start to finish encryption give you shake strong security, reconsider. Scientists from digital security firm Symantec on Monday uncovered the vulnerabilities that enabled hackers to control the images and audio records you get on these platforms.
The security imperfection, named “Media File Jacking”, influenced WhatsApp for Android of course, and Telegram for Android if certain highlights were empowered, Symantec analysts said in a blog entry.
As indicated by the researchers, WhatsApp spares documents to outer capacity naturally, while Telegram does as such when the “Spare to Gallery” include is empowered. Notwithstanding, neither applications have any framework set up to shield clients from a Media File Jacking assault, the researchers from Symantec’s Modern OS Security group clarified.
“On the off chance that the security defect is abused, a pernicious attacker could abuse and control touchy information, for example, individual photos and recordings, corporate archives, solicitations, and voice reminders,” composed Software Engineer Alon Gat and Yair Amit, Vice-President and Chief Technology Officer, Modern OS Security, Symantec.
Giving case of picture control, the analysts said an apparently honest, however really malevolent, app downloaded by a client could control individual photos in close continuous and without the unfortunate casualty knowing.
The app keeps running out of sight and plays out a “Media File Jacking attack” while the injured individual uses WhatsApp. It screens for photos got through the app, distinguishes faces in photos, and replaces them with something different, for example, different faces or articles.
“A WhatsApp client may send a family photograph to one of their contacts, yet what the beneficiary sees is really an adjusted photograph. While this attack may appear to be unimportant and only a disturbance, it demonstrates the feasibility of controlling pictures on the fly,” Says reports.
Using the same vulnerability, the attackers could make payment manipulation, audio message spoofing or spread fake news. Audio can spread messages, files, videos amd make a fake news.
“In one of the most harming Media File Jacking attacks, a malignant on-screen character can control a receipt sent by a seller to a customer, to fool the customer into making an installment to an ill-conceived account,”.
“The Media File Jacking danger is particularly worried in light of the basic observation that the new age of IM (texting) apps are safe to content control and protection dangers, because of the use of security components like start to finish encryption,” they included.
News came from that a bug in WhatsApp’s audio call feature allowed hackers to install spyware onto Android and iOS phones just by calling the target. The spyware was reportedly developed by the Israeli cyber intelligence company NSO Group.
WhatsApp had said it identified and “speedily” fixed the powerlessness that could empower an attacker to embed and execute code on mobile devices.
Thursday November 23, 2023
Monday November 20, 2023
Monday October 2, 2023
Wednesday September 20, 2023
Wednesday September 20, 2023
Friday September 15, 2023
Monday July 24, 2023
Friday July 14, 2023
Friday May 12, 2023
Tuesday March 7, 2023