November 20, 2015

Are your secrets safe on your messenger apps?

News Privacy Technology

What is the best channel to exchange private information on? Or even better, what channels should you avoid using for this type of sharing?

It goes without saying that it’s a bad idea to use insecure means of communication. However, this happens every day by many of us without a second thought or consideration of consequence.

Are your secrets safe on your messenger apps?

Recent research, commissioned by Kaspersky Lab and conducted by B2B International, showed that 62% of respondents don’t think online messengers are secure, 61% don’t trust VoIP services and 60% don’t feel protected when conversing in a video chat. At the same time, 37% of participants prefer online messengers, 25% are into social network messengers and 15% frequently use VoIP.

Besides, 17% of users employ electronic means of communication to exchange private and critical data. It would be useful to find out how many of them actually saw their data exposed online, yet the stats did not cover this information.

The skeptical treatment messengers receive from so many users is totally justified. Research by Electronic Frontier Foundation (EFF) showed that the majority of popular messengers do not boast high security levels.

The highest score a secure messenger could get was seven points. Unfortunately, Skype, AIM and Blackberry Messenger attained merely one point, whereas Viber, Google Hangouts, Facebook Messenger and Snapchat scored as high as just two points.

The ubiquitous WhatsApp was also awarded only two points, but there is a possibility that this messenger will finally do its homework and soon get a higher scope for the reliability of encryption – after a protocol by Open Whisper Systems becomes fully supported by WhatsApp.

All of the above messengers do encrypt communication, yet none of them changes encryption keys or verifies the interlocutor’s identity. Moreover, developers in the companies are, in fact, able to read your private correspondence. Also, due to the proprietary nature of the code, the vulnerabilities can be discovered and patched only by the company’s staff – all of these factors were considered during the assessment by EFF.

Of all relevantly popular messengers, only two were found to be acceptably secure: Apple iMessage, which scored four points and Telegram with the result of five points. As for Telegram developers, they seem to have started to read users’ correspondence and block undesirable channels (those alleged to have ties to terrorist organizations).

There is only one popular and at the same time relevantly secure videochatting app – Apple Facetime, which scored four points.

So does that mean there is simply no such thing as a truly secure messenger? Well, there are a handful of them, but they are not heavily used. Have you heard of Chatsecure, CryptoCat, Signal or SilentText? Probably not, but they were the champions of EFF’s rating. Some other messengers, which are equally ‘popular,” like OTR messages by Adium and Pidgin, as well as Retroshare and Subrosa, scored six points.

Secure VoIP services are also real: they are RedPhone and Silent Phone, which scored the maximum, and Jitsi, which scored six.

A truly secure messenger does not resort to encryption alone. Such programs are using dynamic encryption keys, so an adversary is not able to compromise correspondence with intercepted keys. Also, it’s an advantage if the messenger relies on the open-source code, essentially allowing the user community to identify bugs and vulnerabilities and fix those issues. Besides, this way the service developers are not able to access the private messages, what in fact makes the correspondence ‘private’ by design.

So, if you decided to share something very secret over an online messenger, we suggest you urge your interlocutor to use those, which are less popular yet more secure.

In general, the use of messengers proves that people are very lax about their own privacy. The absolute majority of people prefer to stick to a more familiar and convenient option regardless of the level of security and privacy it guarantees. It’s just the same with people who cross the road wherever they feel convenient, not bothering to use a designated pedestrian crossing.

If you want to know whether your actions online expose you to threats or, vice versa, serve to protect your online life, take the quiz to find out how cybersavvy you are. You might be very surprised with the results!