‘Media File Jacking’ is the new buzzword for a security flaw that enables hackers to manipulate images and audio files on various platforms, in this case the ‘end-to-end encryption’ apps WhatsApp and Telegram on Android. Symantec’s Modern OS Security team explained that ‘neither apps have any system in place to protect users from a Media File Jacking attack’.
“If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos,” wrote Software Engineer Alon Gat and Yair Amit, Vice-President and Chief Technology Officer, Modern OS Security, Symantec.
Image and payment manipulation are arguably the most damaging Media File Jacking threats. For example, a malicious actor can manipulate an invoice sent by a vendor to a customer to trick the customer into making a payment to an illegitimate account. As in the previous scenario, an app that appears to be legitimate but is in fact malicious watches for PDF invoice files received via WhatsApp, then programmatically swaps the displayed bank account information in the invoice with that of the bad actor. The customer receives the invoice, which they were expecting to begin with, but has no knowledge that it’s been altered. By the time the trick is exposed, the money may be long gone. To make matters worse, the invoice hack could be broadly distributed in a non-targeted way, looking for any invoices to manipulate, affecting multiple victims who use IM apps like WhatsApp to conduct business, explained the team.
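One way a receiving app could detect the swap described above is to record a digest when the file is written and recheck it before the file is opened. This is an added example, not code from Symantec, WhatsApp or Telegram. `MediaIntegrityStore`, the file names and the invoice bytes are hypothetical, and the sketch assumes the digests live somewhere other apps cannot modify.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    # Stream the file so large media does not have to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class MediaIntegrityStore:
    # Hypothetical helper. Digests are held in memory here; the assumption is
    # that a real app keeps them in storage that other apps cannot write to.
    def __init__(self):
        self._digests = {}

    def record_received(self, path):
        # Called right after the app writes the received file to disk.
        self._digests[os.path.realpath(path)] = sha256_file(path)

    def check_before_open(self, path):
        key = os.path.realpath(path)
        if key not in self._digests:
            return "untracked"
        if not os.path.exists(key):
            return "missing"
        return "ok" if sha256_file(key) == self._digests[key] else "modified"

def demo():
    # Constructed scenario: an invoice is saved, then altered before opening.
    store = MediaIntegrityStore()
    with tempfile.TemporaryDirectory() as shared:
        invoice = os.path.join(shared, "invoice.pdf")
        with open(invoice, "wb") as f:
            f.write(b"%PDF-1.4 constructed sample: pay to account 1111")
        store.record_received(invoice)
        first = store.check_before_open(invoice)
        with open(invoice, "wb") as f:  # stands in for another app's rewrite
            f.write(b"%PDF-1.4 constructed sample: pay to account 9999")
        second = store.check_before_open(invoice)
        os.remove(invoice)
        third = store.check_before_open(invoice)
        fourth = store.check_before_open(os.path.join(shared, "other.pdf"))
    return first, second, third, fourth

if __name__ == "__main__":
    print(demo())
```

A file that comes back as anything other than `ok` should not be rendered or acted on until it has been fetched again from the sender.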
We detail below how to mitigate these threats: