
Mobile Messengers Expose Billions Of Users To Privacy Attacks

When new users install a popular mobile messenger (such as WhatsApp, Telegram, or Signal), they can instantly start messaging existing contacts based on the mobile numbers stored on their devices. For this, users must grant the app permission to access their address book and regularly transmit it to the company's servers, a process called mobile contact discovery.

According to a team of researchers from the Secure Software Systems Group and Privacy Engineering Group, currently deployed contact discovery services severely threaten the privacy of billions of mobile messenger users.

The researchers also demonstrated practical crawling attacks on the popular mobile messengers WhatsApp, Telegram, and Signal. The results of this experiment show that hackers can collect sensitive private data at a very large scale and without significant restrictions by querying mobile contact discovery services for random mobile numbers.

For their study, the researchers queried around 10% of all mobile phone numbers in the USA for WhatsApp and 100% for Signal. This allowed them to collect the personal information that is generally stored in messenger user profiles, including profile picture, status, names, and last online time.

They analyzed this information, and it reveals some interesting statistics about user behavior:

  • Only a few users change their messenger app's default privacy settings, which means most mobile messenger apps are not privacy-friendly at all.
  • Around 50% of WhatsApp users in the USA have a public profile picture.
  • Around 90% of WhatsApp users in the USA have a public About text.
  • Around 40% of Signal users also use WhatsApp, and every other one of those Signal users has a public profile picture on WhatsApp.

Tracking such information over time enables hackers to create accurate behavior models of users. And when this information is matched across social media networks and public data sources, third parties can create detailed profiles of users to scam them.

In the case of Telegram, the researchers discovered that Telegram's contact discovery service exposes sensitive private information even about owners of mobile numbers who are not registered with the service.

Which sensitive private information is revealed during contact discovery and can be collected via crawling attacks depends entirely on the service provider and the user's privacy settings. For example, WhatsApp and Telegram upload the user's entire address book to their servers.

Privacy-focused messengers like Signal, by contrast, transmit only short cryptographic hash values of mobile numbers. However, the researchers show that with enhanced attack strategies, attackers can recover the corresponding mobile numbers from the cryptographic hash values within milliseconds.
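Why hashing adds so little protection here: a phone number has only a few free digits, so every candidate can be hashed once and then looked up. The following is an added example (not code from the article or the researchers) run on a constructed, fictional 10,000-number range; the truncated SHA-256 scheme and all names are assumptions, since the article does not say which hash is used.

```python
from __future__ import annotations

import hashlib
import math

HASH_BYTES = 10  # assumed truncation length; the article only says "short" hashes


def hash_number(e164: str) -> bytes:
    """Unsalted, truncated hash of a phone number in E.164 form (assumed scheme)."""
    return hashlib.sha256(e164.encode("ascii")).digest()[:HASH_BYTES]


def keyspace_bits(free_digits: int) -> float:
    """Entropy, in bits, of a number with `free_digits` unknown decimal digits."""
    return free_digits * math.log2(10)


def reverse_table(prefix: str, free_digits: int) -> dict[bytes, str]:
    """Hash every number under `prefix` once; afterwards each lookup is O(1)."""
    table = {}
    for n in range(10 ** free_digits):
        number = f"{prefix}{n:0{free_digits}d}"
        table[hash_number(number)] = number
    return table


# Constructed sample: one fictional exchange (+1 202 555 xxxx), 10,000 numbers.
PREFIX = "+1202555"
TABLE = reverse_table(PREFIX, 4)


def recover(digest: bytes) -> str | None:
    """Return the number behind a digest if it lies in the precomputed range."""
    return TABLE.get(digest)


if __name__ == "__main__":
    uploaded = hash_number("+12025550143")  # what a client would transmit
    print("recovered:", recover(uploaded))
    print(f"10 free digits = {keyspace_bits(10):.1f} bits of input "
          f"vs {HASH_BYTES * 8} bits of hash output")
```

The output length of the hash is irrelevant to the defender: the roughly 33 bits of input are the limit, whatever hash function or truncation is chosen.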

It is important to note that there are no restrictions on signing up with these popular messenger services, so any third party can create a large number of accounts and collect a messenger's user information by requesting data for random mobile numbers.

To protect against crawling attacks, all messenger app users should revisit their privacy settings.

The researchers reported their findings to the respective messenger service providers. As a result, WhatsApp has improved its protection strategy such that large-scale attacks can be easily detected and mitigated, and Signal has minimized the number of queries to complicate crawling.
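One way a provider could limit the number of queries, shown as an added example that is not the code of WhatsApp, Signal or the researchers: a per-account token bucket that charges only for numbers the account has not asked about before, so re-syncing an unchanged address book stays free while a sweep over a number range runs dry. The capacity, refill rate and all names are assumptions.

```python
from dataclasses import dataclass, field

DAY = 86_400  # seconds


@dataclass
class AccountState:
    tokens: float
    last_refill: float
    # Assumption: a real service would keep a keyed digest here, not the number.
    seen: set = field(default_factory=set)


class DiscoveryBudget:
    """Token bucket that charges only for numbers new to the account."""

    def __init__(self, capacity=500, refill_per_day=50):
        self.capacity = capacity
        self.refill_per_day = refill_per_day
        self.accounts = {}

    def _state(self, account, now):
        st = self.accounts.setdefault(account, AccountState(self.capacity, now))
        elapsed = now - st.last_refill
        st.tokens = min(self.capacity, st.tokens + elapsed / DAY * self.refill_per_day)
        st.last_refill = now
        return st

    def filter_request(self, account, numbers, now):
        """Return (allowed, rejected) for one contact-discovery upload."""
        st = self._state(account, now)
        allowed, rejected = [], []
        for number in numbers:
            if number in st.seen:          # already resolved once: free
                allowed.append(number)
            elif st.tokens >= 1:           # new number: costs one token
                st.tokens -= 1
                st.seen.add(number)
                allowed.append(number)
            else:                          # budget exhausted: signal for review
                rejected.append(number)
        return allowed, rejected


def demo():
    budget = DiscoveryBudget()
    book = [f"+1202555{n:04d}" for n in range(150)]    # constructed address book
    first = budget.filter_request("alice", book, now=0)
    resync = budget.filter_request("alice", book + ["+12025559001"], now=DAY)
    sweep = [f"+1202555{n:04d}" for n in range(5000)]  # constructed enumeration
    crawl = budget.filter_request("acct-x", sweep, now=0)
    return len(first[1]), len(resync[1]), len(crawl[0]), len(crawl[1])
```

A per-account budget only bounds what one account can learn, so it depends on account creation being limited as well, which is the sign-up gap the article notes above.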

The researchers also suggested other mitigation strategies, including a new contact discovery approach that can be used to decrease the efficiency of attacks.

If you have any questions related to the crawling attacks on popular mobile messengers, or want to share your views on this, please mention them in the comments box and I will get back to you.

