Home STAY CURRENTArticles How Secure Are the Most Popular Messaging Apps

How Secure Are the Most Popular Messaging Apps

by CISOCONNECT Bureau

Recently, researchers analyzed 13 messaging apps to find out if they are secure or not. Read on to know more…

A messaging application is a great and faster way of communication, but only when they are secure to use. Unsecured applications may lead to disastrous results such as leaks of sensitive information and their exploitation. After recently discovering a chat service that was leaking user’s images as well as video and audio recordings, the CyberNews investigation team decided to conduct a deep dive into the security features of larger messaging apps. The researchers analyzed 13 messaging apps to find out if they are secure or not.

Research Findings
The researchers looked at various aspects of 13 popular secure messaging apps including Signal, Wickr Me, Messenger, WhatsApp, Telegram, Wire, Viber, Cyber Dust, iMessage, Pryvate, Qtox, Session and Briar to find that 86% of the apps (11 of 13) were found to be secure by default.

Instead of trying to rank these apps in any way, CyberNews instead focused on investigating the applications’ encryption, transport and overall privacy. Overall, the researchers’ findings were mostly positive with all but two of the apps, Telegram and Messenger, offering security by default. Even then though, Telegram and Messenger could easily be made secure by changing user settings on a per conversation basis.

However, several other security issues were identified in the applications. Four (Signal, Messenger, WhatsApp, and Session) of the secure messaging applications were observed to be using the industry-trusted Signal Protocol for end-to-end encryption. Only two applications (Briar and Qtox) use P2P for the transport mechanism.

Telegram and Facebook Messenger were not having the ‘private content’ security feature enabled by default. iMessage does not encrypt messages if they are sent by GSM (used for 2G/3G). Three out of thirteen applications have paid plans that allow users to access extra features. A maximum number of applications were found to be using AES and RSA as an encryption algorithm for encryption and key hashes. Almost all messaging services have a free version, except Wired.

One interesting finding from the news outlet’s research is the fact that Apple’s iMessage only uses encryption on HTTPS. As a result, messages sent through GSM on 2G and 3G devices are not encrypted.

Recent Attacks
In recent months, several attackers have been found targeting messaging applications, leading to data leaks and further exploitation. Some bot operators were found exploiting Facebook’s link preview feature for web scraping purposes. In addition, a malware named Xpc.js was discovered that targets Discord.

Last month, an unsecured database was discovered that included more than 130,000 extremely sensitive files (such as photos, audio recordings, and videos) belonging to a private social network organization LimitChat, based in China.

Conclusion
Messaging apps have gained immense popularity as they are cheaper than traditional text messages and voice calls. But at the same time, they also have several associated risks. Thus, experts suggest users always update their messaging application with the latest version, avoid jailbreaking smartphones, and stay alert while using the apps.

Recommended for You

Recommended for You

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Close Read More

See Ads