Whether it’s slapping a funny meme into Facebook Messenger to send to your buddies, or firing up a group chat on WhatsApp, IMs and Messenger services have become a de facto part of daily life. However, few realize that these same programs often expose us to the massive risks of data breaches, personal information loss, and intrusion into our privacy. Today we take a look at the whys and hows of this latest frontier in cybercrime and everything you need to know to stay safe online.
A Growing Threat
While most of us are increasingly aware of the risks of online scams and the need to keep our accounts secure, this same awareness rarely reaches apps that put users' privacy at risk. It’s understandable. For a long time, most of the conversations around cybersecurity revolved around malware and viruses; at the time, they simply didn’t exist for mobile software like iOS and Android.
However, in the field of cybercrime, that’s old news, especially as data, and who can control it, has risen to become one of the critical issues globally. Today we work, play, bank, and engage with the world through mobile apps, many of which are designed to foster social sharing activities and chatter. And where people go, cybercriminals follow.
You may remember the recent panic surrounding legal updates to WhatsApp’s policies. However, few realize that these controversial policies brought no real change for the end user; it was simply a legal update to practices that have always existed. Nor were the security issues this unveiled unique to WhatsApp — Facebook, Viber, and many other platforms offering IM services have been repeatedly criticized for similar security problems. Simply sending a single text message has, on occasion, been enough to allow full access to a user’s personal data. WhatsApp, Signal, and Telegram have all been found to leak phone numbers of their user base. Additionally, despite its lofty security promises, Signal even left a user’s contacts free to mine for fake accounts and attacks.
Much of the issue lies in these platforms failing to encrypt the data they access and send, leaving plain-text versions that couldn’t be simpler to intercept and abuse. And sadly, the vital nature of encryption remains an area that few end users understand.
Why Encryption Counts
The nature of IMs lies in data transfer, the same as most online activities. If the data being trafficked this way is to remain secure, encryption should be done on the device. Additionally, to be fully secure, it would need to cover more than mere data transmission, which most have in place, albeit through the open-source Signal protocol. It must also cover the other functionality these apps demand: group chat routines, data storage, user interface, and all activities that access data and functions on your mobile device. In several of these apps, Telegram included, it is also frighteningly easy to transfer account access unless two-step authentication is in place.
Likewise, the desktop versions of much of this software have even fewer of their vulnerabilities closed, with the additional risk of session hacking. Data transfer between devices is also purposefully simple, but it leaves you open to further intrusion.
Because this newer technology transfers data from client to server to client, all messenger services are vulnerable. Yet these apps have lagged behind in intrinsic security protocols. However, there are ways and means to reduce the threats inherent in using these services. Solid data encryption, removal of backdoors that allow decryption, and other third-party protocols enacted on your mobile devices will help you reduce the risk of data leakage and keep your vital data secure from prying eyes.
Until we see much more robust responses to security threats from IM companies — including reducing their own internal data mining activities — it pays to turn to third-party solutions if you intend to keep using these modern communication methods.