The team recently discovered that a chat app, most likely from a Chinese company, had leaked more than 130.000 images (with inappropriate content), videos and recordings of users. This messaging service belonged to a company that offered a "private social network" and therefore did not have too many users. On the occasion of this leak incident, the research team wanted to look at bigger and more popular applications to see if they are safe.
It seems that the news for the users of these applications is good. 86% of applications (11 out of 13) were secure by default. Only two applications, the Telegram and Facebook Messenger, did not have the features enabled security by default.
The researchers also found that most applications used RSA and AES variants for encryption and key hashes.
Having this security is very important for various important activities. For example, people participating in protests (eg Black Lives Matter on USA etc) use messaging services to organize their activities. Research has shown that those users It would be wise to use the top secure messaging applications such as Signal, Wire, Cyber Dust and others.
The research team examined various aspects of the 13 applications to reach its conclusion.
The main results of the analysis:
- 2 of the messaging apps (Telegram and Messenger) were not secure by default. However, users can easily enable this security by going to settings
- 4 of the secure applications (Signal, Messenger, WhatsApp and Session) use the reliable Signal Protocol for end-to-end encryption
- Only two of the applications use P2P
- Her iMessage Apple (used on iPhone, iPad, Apple Watch and Mac) does not encrypt messages if sent via GSM (used for 2G and 3G)
- Most of the applications use RSA and AES
Security of messaging applications
How much security one needs depends to a large extent on why one uses an application.
For general use, the messaging service is good to has encryption enabled - preferably by default. Encryption is required to send sensitive information and files.
But there are users who want as much as possible safety or even complete anonymity. This means that there should be no risk of their messages being read by third parties.
The applications analyzed were considered secure, but all programs may have bugs, which sets them users in danger.
Both WhatsApp and Messenger have been found vulnerable in the past.
Even the Signal, the application proposed by cyber security professionals, was the victim of a complex attack where one could hear what was happening in your environment with a type of voice call, called ghost call.
In general, the research team said that none of the applications can offer absolute safety. Even if it is completely safe, it can make a mistake by the users themselves. If, for example, you do not have a password access on your device and someone picks it up or if your employers monitor your devices, then the application can not protect you on its own.
Source: Security Affairs