Vulnerability in WhatsApp and Telegram Could Allow Alteration of Media Files

A vulnerability has been discovered in WhatsApp for Android and Telegram across all devices. The ‘Media File Jacking’ flaw could allow threat actors to manipulate messages as they are in transit. All sensitive information such as audio files, videos, photos, invoices, and corporate documents can be altered. The vulnerability resides in how the media files are stored in the instant messaging apps, combined with the time-lapse that occurs when sending and receiving messages. The NJCCIC advises users of these apps to change media storage settings. Cyware and Symantec suggest WhatsApp users disable the ‘Media Visibility’ feature and Telegram users may disable the ‘Save to Gallery’ feature.