What messaging apps kill your battery and steal your data

An “Enigma” encryption machine utilized by the Nazis, found by German divers within the Baltic Sea

The encryption machine was found in Gelting Bay by a crew of divers conducting operations to establish and get well deserted fishing nets that...

Joe Biden and the social problem within the US

With an economic system that generates 21.4 trillion {dollars} a yr, America is the richest nation on the planet, but additionally the fourth nation...

US additionally withdraws troops from Somalia after departure from Iraq and Afghanistan

President Donald Trump ordered the departure of virtually all US troops from Somalia on Friday (native time). By January 15, the variety of...

USA breaks its file of infections for the second day in a row with 225,594

America registered this Friday 225,594 new infections of coronavirus and beat the file of infections recorded Thursday (210,962) with the pandemic spreading throughout...

Argentina approves a solidarity tax on massive fortunes

The Argentine Senate has authorized this Friday a tax on massive fortunes with which it seeks to lift 300,000 million pesos (3,030 million...

Link previews are a ubiquitous feature found in almost every chat and messaging app for good reason. Online conversations become easier to maintain by providing images and text associated with the attached file.

Unfortunately, link previews can leak data, consume limited bandwidth, drain batteries, and expose links in chats that should be end-to-end encrypted.

Such criminals included Facebook, Instagram, LinkedIn and Line messaging, according to him a study.

How do link previews work?

When a sender includes a link in a message, the application will display the conversation along with the text (usually a title) and images that accompany the link.

For this to happen, the application itself – or a proxy designated by the application – must visit the link, open the file there and analyze what it contains. This can be an exposure of users to cyber attacks.

The most severe are those that can download malware. Other forms could be forcing an application to download files that are large enough to block the application, drain the batteries, or consume limited amounts of bandwidth.

If the link leads to private material – say, a tax return posted to a private OneDrive or DropBox account – the application server has the ability to view and store it indefinitely.

What applications expose you to such risks?

Talal Haj Bakry and Tommy Mysk, the researchers behind the report, found that Facebook Messenger and Instagram were the messaging applications most frequently involved in such actions.

Both applications download and copy a fully connected file – even if it’s a gigabyte in size. This can be a problem especially if the file is something that users want to keep private.

Also, both applications run any JavaScript contained in the link. This is a problem because users have no way to check JavaScript security and can’t expect messengers to have the same operating protections that modern browsers have.

Haj Bakry and Mysk reported their findings to Facebook, and the company said both applications work according to the rules.

In the case of LinkedIn, the security issues were less serious. The difference was that instead of copying files of any size, it only copied the first 50 megabits.

Meanwhile, when Line opens an encrypted message and finds a link, it appears to send the link to the Line server to generate a preview.

“We believe this violates the purpose of end-to-end encryption, because Line servers know everything about the links that are sent through the application and information about who sends what links to whom,” wrote Haj Bakry and Mysk.

Discord, Google Hangouts, Slack, Twitter and Zoom also copy files, but limit the amount of data from 15 MB to 50 MB. The chart below provides a comparison of each application in the study.

At the opposite end, however, The study reveals that many applications they do things right. For example, Signal, Threema, TikTok and WeChat give all users the option to not receive link previews.

For truly sensitive messages and users who want as much privacy as possible, this is the perfect setting.

trending

Related Articles