Researchers have reported a vulnerability in the Android versions of WhatsApp and Telegram that could allow malicious actors to manipulate media files sent via the apps.

This "media file-jacking" flaw could allow attackers to alter photographs, modify invoices (to aid in a financial scam), swap out files in a particular channel feed, or potentially even manipulate audio messages, warned cyber-software firm Symantec in a July 15 company blog post.

"The media file-jacking threat is especially concerning in light of the common perception that the new generation of IM apps is immune to content manipulation and privacy risks," wrote Symantec blog post authors Yair Amit, VP and CTO of modern OS security, and Alon Gat, software engineer. "However, as we’ve mentioned in the past, no code is immune to security vulnerabilities. While end-to-end encryption is an effective mechanism to ensure the integrity of communications, it isn’t enough if app-level vulnerabilities exist in the code."

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.