Wonderful Engineering

Symantec Demonstrates How Easy It Is To Manipulate Voice Messages On WhatsApp

WhatsApp has quickly become the standard whether you want to chat with someone, make calls, or even want to transfer money peer to peer. It often features quite sensitive financial orders, as well. Symantec recently conducted new research in July. During this research, Symantec discovered that WhatsApp is not as secure as you would like to be.

Hackers of today possess the capability of being able to mimic the voice and even the tone of the users to scam people into losing their money. As per the research carried out by Symantec in July, WhatsApp media files on Android devices could be potentially exposed and then manipulated by malicious hackers.

Symantec has termed the security flaw as ‘Media file Jacking.’ Media file Jacking, as per Symantec, is capable of affecting WhatsApp for Android, given that certain features have been enabled. So, how does Media file jacking work? It basically exploits the time-lapse that exists between the time when media files are received via the instant messaging app, while they are written on the disk and the time it takes for them to get loaded in the user interface of the app.

This time-lapse allows the malicious hackers to have a window opportunity during which they can intervene and make changes to media files before the victim even find it out. For instance, a cyber attacker could manipulate sensitive information, including personal photos and videos, corporate documents, invoices, and even voice memos.

The threat is quite high because of the wrongful assumption that the new generation of instant messaging apps has immunity as far as content manipulation and privacy risks are concerned because of the end-to-end encryption. But be warned, it is not enough to ensure the communication-integrity over apps. Symantec has proved that for WhatsApp, and this goes to show that apps do have vulnerabilities that exist in their code.

Check out the following video and observe how an attacker can manipulate your data.