Popular Messaging Apps Shows Encrypting is Easy but Authenticating is Hard

How secure are your messages?

Popular Messaging Apps Shows Encrypting is Easy but Authenticating is Hard
Image Credit: Pixabay

A recent study by the Brigham Young University suggests, users who use popular messaging apps like Facebook Messenger, WhatsApp and Viber are exposing themselves to fraud or other hacking.

Researchers at the Brigham Young University show that the people who use popular messaging apps, don’t know about or aren’t using important security options.

WhatsApp and Viber encrypt messages by default. They also involve an authentication ceremony to ensure true security.

BYU computer science Ph.D. student Elham Vaziripour said, “Most of the users are unaware of the ceremony and its importance. It is possible that a malicious third party or man-in-the middle attacker can eavesdrop on their conversations.”

“We wanted to understand how typical users are protecting their privacy.”

The validation service enables users to ensure the recognition of their planned discussion accomplice and ensures no other individual.

Zappala said, “When we told people about the authentication ceremonies, people were frustrated and it took them too long.”

Scientists conducted a two-phase experiment. During the 1st phase, scientists asked participants to share their credit card number with another participant. But while sharing, they warned participants about potential threats and encouraged to make sure their messages were confidential.

Almost 14% users in this phase managed to successfully authenticate their recipient. Others opted for ad-hoc security measures like asking their partners for details about a shared experience.

During the second phase, scientists asked participants to do the same. In this round, they told importance about authentication ceremonies. According to that, 79% of users were able to successfully authenticate the other party. In this phase, participants took 11 minutes to authenticate their partners.

Science professor Kent Seamons said, “Because most people don’t experience significant security problems, both professors agreed, it’s hard to make a case for them investing the time and effort to understand and use security features that applications offer.”

“But because there’s always a risk in online communications, we want to make it much easier to do and cut that time way down.”

“Security researchers often build systems without finding out what people need and want. The goal in our labs is to design technology that’s simple and usable enough for anyone to use.”

REFERENCEBrigham Young University
JOURNAL REFERENCEUsenix
SHARE