What Downloads Together with Media Files from WhatsApp and Telegram Apps?

The most popular and globally used messengers, which become the senior communication channels, have much work to do. Today it's all about cybersecurity aspect and the massive data flow leaks through these services. The providers promise and ensure users that all the records they send to each other are totally protected with the latest methods of encryption.

While using chat services, users can turn on or hide the location, show their activity status, send images, video or audio files. In one word, send any personal data via all existing channels. So, your mobile device is the lighthouse and the radar simultaneously—you perform and receive data. Anyhow, everyone wants to have strict privacy guarantees, just like you unveil your interior life facts to someone you can trust.

Symantec experts track problems of suchlike services for Android OS and try to puzzle out where is that weak spot for hackers to interfere with the private data. The file storage makes a difference. Any data can be accumulated for further transits in the external storage to save place of the internal storage of users' smartphones. WhatsApp keeps files only in the external source, and Telegram does the same. But it also means that violators would like to get access to the files' depository where they can get the desired haul.

Let's suppose you asked a friend to share a photo of the fabulous place he/she visited on vacation. The pic is sent and got to the external base, you have no notion what's going on there, but you patiently expect it to pop into your chat. If the "Save to gallery" mark in the app is turned on—here it is, files from outside directly hit the gallery of your device. Or data can be simply changed for blackmail and fraud activity for financial operations and fake newsfeed.

By this, hackers can execute manipulations beyond customers awareness and attach some malware app to the seeming "clean" files you are going to receive, and ta-da, the gadget is infected. From now on, the intruder soft will function according to its purpose. This attack technique is called "Media-File-Jacking", mostly used for Android.

Apparently, both the WhatsApp and Telegram engineers are familiar with this tricky thing, but the comments remain reserved. Emphasizing that, if they wouldn't use the external storages, the quality of messenger's functionality will suffer a lot as it provides rapid data transmission and good image resolution. The WhatsApp team also believe that Google should resolve these aches and pains. And the Symantec specialists don't agree and claim that app developers should enhance the protection by the fine-grained data checking before files download to the receiver and encrypt graphic and voice attachment just like it done with text messages.