Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Symantec Mobile Threat Defense: Attackers Can Manipulate Your WhatsApp and Telegram Media Files

July 2019 by Symantec

A security flaw, dubbed “Media File Jacking”, affects WhatsApp and Telegram for Android if certain features are enabled. It stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume. This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge. If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or to wreak havoc.

If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or to wreak havoc. Potential usage scenarios include:

• Image manipulation: a seemingly innocent, but actually malicious, app downloaded by a user can manipulate personal photos in near-real time and without the victim knowing.

• Payment manipulation: a malicious actor could manipulate an invoice sent by a vendor to a customer, to trick the customer into making a payment to an illegitimate account.

• Audio message spoofing: using voice reconstruction via deep learning technology, an attacker could alter an audio message for their own personal gain or to wreak havoc.

• Fake news: In Telegram, admins use the concept of “channels” to broadcast messages to an unlimited number of subscribers who consume the published content. An attacker could change the media files that appear in a trusted channel feed in real time to communicate falsities.

Additionally, Symantec recently found a malicious app named MobonoGram 2019 (detected as Android.Fakeyouwon) advertising itself as an unofficial version of the Telegram messaging app. While the app does provide basic messaging functionality, it was also secretly running services on the device without the user’s consent, as well as loading and browsing an endless stream of malicious websites in the background. The app was available on Google Play for a time and downloaded more than 100,000 times before it was removed from the store.




See previous articles

    

See next articles