WhatsApp, Telegram messengers are extremely insecure: Study

4

London, Sep 16 | Popular mobile messengers like WhatsApp expose personal data via discovery services that allow users to find contacts based on phone numbers from their address book, say researchers.

When installing a mobile messenger like WhatsApp, new users can instantly start texting existing contacts based on the phone numbers stored on their device.

For this to happen, users must grant the app permission to access and regularly upload their address book to company servers in a process called mobile contact discovery.

The study from the Technical University of Darmstadt and the University of Würzburg in Germany, shows that currently deployed contact discovery services severely threaten the privacy of billions of users.

Utilizing very few resources, the researchers were able to perform practical crawling attacks on the popular messengers WhatsApp, Signal and Telegram.

The results of the experiments demonstrate that malicious users or hackers can collect sensitive data on a large scale and without noteworthy restrictions by querying contact discovery services for random phone numbers.

For the study, the researchers queried 10 per cent of all US mobile phone numbers for WhatsApp and 100 per cent for Signal.

Thereby, they were able to gather personal (meta) data commonly stored in the messengers’ user profiles, including profile pictures, nicknames, status texts and the “last online” time.

The analyzed data also reveals interesting statistics about user behaviour. For example, very few users change the default privacy settings, which for most messengers are not privacy-friendly at all.

The researchers found that about 50 per cent of WhatsApp users in the US have a public profile picture and 90 per cent a public “About” text.

Interestingly, 40 per cent of Signal users, which can be assumed to be more privacy concerned in general, are also using WhatsApp, and every other of those Signal users has a public profile picture on WhatsApp.

Tracking such data over time enables attackers to build accurate behaviour models.

When the data is matched across social networks and public data sources, third parties can also build detailed profiles, for example to scam users.

For Telegram, the researchers found that its contact discovery service exposes sensitive information even about owners of phone numbers who are not registered with the service.

“Which information is revealed during contact discovery and can be collected via crawling attacks depends on the service provider and the privacy settings of the user,” the researchers wrote.

Since there are no noteworthy restrictions for signing up with messaging services, any third party can create a large number of accounts to crawl the user database of a messenger for information by requesting data for random phone numbers.

“We strongly advise all users of messenger apps to revisit their privacy settings,” the team said.

The study is scheduled to be released in February 2021 at the 28th Annual Network and Distributed System Security Symposium (NDSS), a top conference for IT security.

Source: IANS

Sponsors Posts

Policybazaar Unveils its new brand campaign "AapKiSideHai"

Policybazaar Unveils its new brand campaign

Akshay Kumar delivers the brand’s promise of always being on the customer’s side

Gurugram, 19th Sept, 2020: Policybazaar.com (Twitter handle: PolicyBazaar), India’s largest online insurance marketplace with over 10 million customers, showcases its commitment to customers in its new television campaign “AapKiSideHai”. The new ad campaign featuring Policybazaar brand ambassador, Akshay Kumar, highlights the brand’s promise of embracing a holistic customer centric approach while helping to bridge the insurance protection gap in India.

Policybazaar’sAapKiSideHai campaign seeks to reassure its customers on being a dependable Insurance partner for them, every step of the way. The brand has always focused on distributing products like term insurance, health insurance, zero commission ULIP’s and motor insurance that are optimal from a customer perspective. Policybazaar is now extending the brand promise beyond the purchase experience to ensure that consumers get the highest levels of service throughout the policy lifecycle.

The new brand campaign reinforces Policybazaar core value of putting the customer first by delivering on its promise of providing a trusted platform for all types of insurance products. The brand is committed to guiding the customer throughout the insurance journey, starting from recommending the right products at affordable pricing, ensuring thatthe policy issuance process is smooth and fast, and, to providing services and claims assistance when needed.

“While we continue to highlight the importance of Health & Term life Insurance through our marketing campaigns, with the brand promise of Policybazaar AapKiSideHai, we also intend to position Policybazaar as a customer centric brand, that is committed to stand by its customers, both pre and post purchase”, said Samir Sethi, Head of Brand Marketing, Policybazaar.com. The new ad series highlights Policybazaar’s unparalleled support to customers, while providing them with the ease of comparing and buying term and health plans online with guidance at each & every step.

Speaking about the TVC launch, Sharat Dhall, Chief Operating Officer, Policybazaar.com said, “Our ultimate aim is to provide 360-degree assistance to customers that starts from when the policy is bought, to provide assistance when the claim is paid out, should such a situation arise. Winning and maintaining customer trust is a strong ethos within the company and this campaign reflects that. At a time when the world is grappling with a crisis like no other, the brand intends to instill confidence in the customers’ buying decisions by assuring them protection of their futures with the right insurance products & thorough assistance throughout the journey.”

The new brand campaign in its series displays moments of indecision that people may have while investing in protection products. It addresses these queries &emphasizes the importance of nurturing a bond with the consumers thereby creating customer delight.

LEAVE A REPLY

Please enter your comment!
Please enter your name here