Chat Programs Vulnerable To Media File Hijacking

Published: August 21, 2020 in our Security Fraud News & Alerts Newsletter.

Chat programs are handy tools. They keep us connected, help us share all kinds of media files from voice recordings to photos to work-related documents. However, sometimes they are flawed. Recently, researchers at Symantec found that both WhatsApp and Telegram have vulnerabilities in the way they save all kinds of media files that could allow an attacker to manipulate them.

The security flaw is being referred to as Media File Jacking and stems from the time lapse between when a file is sent and when it’s received by the recipient in the chat client. The lapse is usually brief and may not be apparent to the user, but it occurs while the file is being written to an external disk, and that’s enough time for someone to tamper with it.

It’s important to note that this affects Android users. So far, there is no news that it affects iOS. To prevent it from happening, change the way that the apps save media files. Don’t let them save to external storage. There are instructions on the Internet as to how to do this for your device. The version of the operating system and the type of device make a difference in the procedure. Here is how to disable external storage on WhatsApp and Telegram:

You might be wondering why this is significant. After all, it’s not so bad if someone changes a photo, right? Well, say you use WhatsApp to receive an invoice from a vendor you know well, or even from a colleague. It may not be the norm at your workplace, but it isn’t unreasonable that it could happen. Well, because of this flaw, an attacker could hijack that invoice and manipulate it to put in different wiring instructions, for example.

Other scenarios:

  • Manipulate your images

  • Alter audio messages

  • Change trusted media files to communicate fake news or information in Telegram
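
The gap described above, between a file being written to shared storage and being opened, can be closed with an integrity check on the receiving side. The sketch below is an added example, not code from WhatsApp, Telegram or Symantec; the class, function and file names and the invoice contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


class MediaIntegrityStore:
    """Hypothetical digest store; assumed to live in app-private memory, not shared storage."""

    def __init__(self):
        self._digests = {}

    def save_received(self, shared_dir, name, data):
        """Record the digest of the received bytes, then write them to shared storage."""
        self._digests[name] = hashlib.sha256(data).hexdigest()
        path = os.path.join(shared_dir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        return path

    def open_verified(self, shared_dir, name):
        """Read the file once and return those bytes only if the digest still matches.

        Hashing the same bytes that are returned avoids a second gap between
        checking the file and using it.
        """
        with open(os.path.join(shared_dir, name), "rb") as fh:
            data = fh.read()
        actual = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(self._digests[name], actual):
            raise ValueError(f"{name} changed on shared storage after it was received")
        return data


def demo():
    """Constructed scenario: an invoice is altered between save and open."""
    store = MediaIntegrityStore()
    original = b"Pay to account 1111\n"  # constructed sample content
    with tempfile.TemporaryDirectory() as shared:
        path = store.save_received(shared, "invoice.txt", original)
        untouched_ok = store.open_verified(shared, "invoice.txt") == original
        with open(path, "wb") as fh:  # stands in for another app with storage access
            fh.write(b"Pay to account 9999\n")
        try:
            store.open_verified(shared, "invoice.txt")
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return untouched_ok, tamper_detected


if __name__ == "__main__":
    print(demo())
```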

In addition to this issue, there is another issue with Telegram. It’s actually a problem with a fake app in the Google Play Store that is pretending to be an “unofficial” version of Telegram. It is called MobonoGram and was downloaded over 100,000 times before it was removed. It did provide basic chatting functionality, but it was also loading malicious websites in the background without the user’s knowledge. If you downloaded MobonoGram, delete it.

To ensure you aren’t exposing your devices to malware, read reviews before downloading anything. Make sure there are a significant number of reviews, that they are not all glowing (everyone can find something to complain about), and that no one is reporting malware. Sometimes it is indeed reported in these reviews.

Also, do make sure you have security apps on all devices and that they are kept up-to-date at all times.

These issues are worrisome because users tend to trust messaging apps due to their end-to-end encryption technologies. However, this just shows that even those apps can be vulnerable, and it’s up to users to always be aware that nothing crossing the Internet is guaranteed to be secure.