A messaging application is a great and faster way of communication, but only when they are secure to use. Unsecured applications may lead to disastrous results such as leaks of sensitive information and their exploitation. Recently, CyberNews researchers analyzed 13 messaging apps to find out if they are secure or not.
The recent research disclosed that 86% of the apps (11 of 13) were found to be secure by default. However, several other security issues were identified in the applications.
- Four (Signal, Messenger, WhatsApp, and Session) of the secure messaging applications were observed to be using the industry-trusted Signal Protocol for end-to-end encryption. Only two applications (Briar and Qtox) use P2P for the transport mechanism.
- Telegram and Facebook Messenger were not having the ‘private content’ security feature enabled by default.
- iMessage does not encrypt messages if they are sent by GSM (used for 2G/3G).
- Three out of thirteen applications have paid plans that allow users to access extra features.
- A maximum number of applications were found to be using AES and RSA as an encryption algorithm for encryption and key hashes. Almost all messaging services have a free version, except Wired.
Recent attacks on messaging apps
In recent months, several attackers have been found targeting messaging applications, leading to data leaks and further exploitation.
- Some bot operators were found exploiting Facebook’s link preview feature for web scraping purposes. In addition, a malware named Xpc.js was discovered that targets Discord.
- Last month, an unsecured database was discovered that included more than 130,000 extremely sensitive files (such as photos, audio recordings, and videos) belonging to a private social network organization LimitChat, based in China.
Messaging apps have gained immense popularity as they are cheaper than traditional text messages and voice calls. But at the same time, they also have several associated risks. Thus, experts suggest users always update their messaging application with the latest version, avoid jailbreaking smartphones, and stay alert while using the apps.