Viber and WhatsApp were in the news last April for sending unencrypted data. New research shows that a lot of other apps are doing the same. We use these apps thinking that we get private messaging. But they are putting us in danger by not securing our messages.
Hackers Can Access Private Messaging
What we think is private messaging is not so private after all. Researchers from the Cyber Forensics Research and Education Group have found serious vulnerabilities in several dating and social media apps. Their findings include a lack of security measures for saved data and access to accounts. The University of New Haven team analyzed 21 apps for Android devices. Of these, popular apps such as Instagram, Grindr, GroupMe and OkCupid were found to allow access to hackers. They did not provide encryption, a necessity for private messaging.
Ibrahim Baggili, who heads the CFREG team, said that they analyzed the data transmissions that passed from an Android phone. The team quickly discovered that stored data was not encrypted. They also found that accounts of the affected apps could be viewed without requiring a login from the user. This means that account data can be easily viewed and stolen by hackers. Users who want to see the results for each app can watch the videos on CFREG’s YouTube channel. The videos for every day of this week will focus on a few apps at a time. Baggili says that this way people can focus on the information without being overloaded with boring details.
Intercepting data, especially over public WiFi, has been popular with hackers for many years. They get access to a lot of sensitive user data this way. They get access because people are relying on apps that don’t really give them the protection that they need. Most of these apps are only interested in signing people up for private messaging. But they are not dedicated to providing private messaging. They are in business for themselves, and don’t really care if people get private messaging, as long as they don’t know they’re not getting it.
Like Viber and WhatsApp, these apps may apply the proper security measures for private messaging now that their flaws have been made public. CFREG has reported the flaws to them, but only Grindr and GroupMe have responded to say that they are looking into it. But even if they do make the fixes, users are likely to be put in danger when the next attack comes along. They should be warned that if they do not use real private messaging apps, their privacy is still in danger. CFREG used NetworkMiner to show all the data that can be intercepted over unencrypted connections. This included OkCupid chats and Instagram and ooVoo images, according to their first video report. Users of HeyWire, Hike, Kik, Line, MeetMe, MessageMe, MyChat, Nimbuzz, Tango, TextMe, textPlus, Vine, Voxer, WeChat, Whisper and Words With Friends should stay tuned to YouTube for the details.