Yes, you read it right! WhatsApp photos are making your Android phone vulnerable and hackers can take advantage of it that could cost dear for users.
Remember all the hullabaloo for the end-to-end encryption WhatsApp messages have got? It turns out that WhatsApp is still vulnerable and malicious actors could still take advantage of the loophole discovered recently. The new research from Symantec reveals that all media files stored by WhatsApp on your Android smartphone are prone to attract cyber-attacks.
According to the OS security team at Symantec, the time-lapse which occurs between a media file received, stored by WhatsApp on the phone storage, and loaded on users interface for consumption is the main culprit here. The time-lapse provides an opportunity for malicious actors to change the details of media files without users’ knowledge. These unintended changes, however, go unnoticed by Android users most of the time. Changing photos, videos, time, location are some of the serious threats these malicious actors pose by taking advantage of the security flaw in WhatsApp.
Dubbed as “Media File Jacking“, however, is not limited to WhatsApp alone. Telegram app on Android is vulnerable and subject to the same security flaw.
Symantec has categorically mentioned that despite the new security flaw identified only in the IM apps, no code is immune to vulnerability. Encrypting messages, end to end, is definitely a much-needed security measure that all the IM apps must take, but threats can’t be ruled out completely if the vulnerability exists in any app itself.
WhatsApp Vulnerability: There Is A Challenge
WhatsApp was quick to realise the sensitivity of the matter and issued a clarification on the matter. The spokesperson of the company said that the team is aware of the issue and the next update of the app will have it fixed. However, the suggested changes required to fix the flaw could create privacy complications for the company as well as users. He also hinted that the fix may result in limiting users the way media files are being shared on WhatsApp.
“WhatsApp follows guidelines from Android including: ‘You should use external storage for user data that should be accessible to other apps and saved even if the user uninstalls your app, such as captured photos or downloaded files.’ We store files in the same manner as other messaging apps (like Viber), email (like Gmail), and file storage apps (like Dropbox).” spokesperson said.
It is not the first time when a serious security flaw is detected in WhatsApp. In 2017, a major loophole was detected in WhatsApp which allowed hackers to take control of the account.
WhatsApp has got over 1.5 billion users worldwide, and a lion’s share of the user base is on Android which appears to be on a risky affair. As people are getting accustomed to sharing highly sensitive personal and professional media files and information on WhatsApp nowadays, the onus on making WhatsApp experience more secured lies on the company.
Undoubtedly, technology is playing a vital role in the making day to day activities much easier but with the recent expose of such incidents also hint how vulnerable users have become on the era of technology and devices. The brutual reality of getting depended on apps and devices is a well known fact, but its inevitable.