WhatsApp and Telegram users could be in danger as hackers could be accessing their personal media files without them knowing about it.

Symantec, a Cybersecurity company, recently revealed that they have discovered a vulnerability that could pose a serious risk to WhatsApp as well as Telegram users. The risk could go as deep as their personal photos, documents and media files being manipulated by a malicious third party.

The WhatsApp and Telegram end-to-end-encryption promise is now put on the spot as Media File Jacking, a security exploit invades their users’ privacy and security.

Media File Jacking works deep and quick interferes with the media files as they are being transmitted from the sender to the recipient. The exploit takes advantage of the smallest duration span after the file was sent to a disk and before the message appears to the user interface.

Symantec did a test using their self-created malware to gauge the kind of damage that the exploit could cause. In just a few split seconds, the malware was able to tamper the original photos even before the recipient opened it.

How Do Users Stay Protected?

Luckily, there is a way for WhatsApp and Telegram users to stay protected from the Media File Jacking attack. Since the vulnerability only works after the media files are written on the disk and manipulates them before being transmitted to the UI, halting from saving to an external device could be a help. Disabling the save media file to an external storage feature eliminates the platform for the vulnerability to operating.

What are app makers doing to combat the exploit?

Symantec addressed the concern with both WhatsApp, Telegram and even Facebook that can also be an avenue for the vulnerability.

WhatsApp released a statement assuring the public that they are looking closely at the problem. They further assured their users that they are observing the operating system for media storage best practices.

This is not the first time that WhatsApp users were exposed to a privacy vulnerability. Back in May, an exploit that allows hackers to install spyware was detected. The said spyware has the capacity to take over accounts.