The exploit, which is being called Media File Jacking, would allow everything from personal photos to documents to be manipulated in real time. Hackers can attack in the window of time between when files are written to disk and when they are loaded into the user interface.
The exploit is especially troubling because both apps advertise the use of end-to-end encryption as a way to show that they are not vulnerable to attacks. WhatsApp and Telegram are also very popular, with a total of 1.5 billion estimated users.
“WhatsApp has looked closely at this issue, and it’s similar to previous questions about mobile device storage impacting the app ecosystem,” WhatsApp said in a statement. “WhatsApp follows current best practices provided by operating systems for media storage, and looks forward to providing updates in line with Android’s ongoing development. The suggested changes here could both create privacy complications for our users and limit how photos and files could be shared.”
To help combat the potential risk, users can disable the feature that saves the files to outside storage. If hackers do obtain the files, they can change them in real time in ways that might not even be noticeable. For example, a hacker could change an invoice to divert funds into the wrong account, or change a voice message to say something completely different. Telegram uses something called channels to display news, and an attacker could change the files that appear in those feeds.
There was also a fake version of the Telegram app that was available on the Google Play store for a while, which would run malicious programs in the background.