Payments fraud, via apps?

July 22, 2019 by PYMNTS.com

Apps with a possible security flaw, a malware phishing scheme and possibly, payments fraud, all done in the blink of an eye?

Security firm Symantec said this past week that it found a security flaw in Android apps for WhatsApp and Telegram, which can allow hackers to manipulate data that flows between users.

Reports say that the hacks, which are known as Media File Jacking, allow media that spans photos to documents to be compromised in “real time” and that means intercepting data between when it is written to disk and when they are loaded onto user interfaces. The apps have, cumulatively over 1.5 billion users.

In reference to payments, a hacker could conceivably change an invoice to help divert funds into different accounts.

“WhatsApp has looked closely at this issue, and it’s similar to previous questions about mobile device storage impacting the app ecosystem,” WhatsApp said in a statement. “WhatsApp follows current best practices provided by operating systems for media storage, and looks forward to providing updates in line with Android’s ongoing development. The suggested changes here could both create privacy complications for our users and limit how photos and files could be shared.”

Payments fraud, via apps?

Featured

Catching members on the way up

The CUInsight Network podcast: Advancing leadership – DDJ Myers

Limiting fees is bad math—and even worse policy

Financial capability at every stage (and every month)

Stay connected to the credit union community with our free newsletter!

You have Successfully Subscribed!