Blog

Why are IM-messengers so unsecure? Part 2

How can e-criminals get inside our messengers and what can they steal?
25 February 2016
Cybersecurity testing
The article by a1qa
a1qa

The research of Electronic Frontier Foundation ascertained that only eight IM-messengers were corresponding to all types of security. How can e-criminals get inside our messengers and what can they steal? And more importantly, is there a way application security testing can stop cybercriminals from doing that?

Scripts are not remedy

All five applications (WhatsApp, Viber, Skype, Facebook Messenger, and Google Hangouts) encrypt the network traffic to protect users’ information from interception and modification. Although it’s vital for users’ security this type of protection is quite new.

For a long time, it was common to send images, locations, and links to files freely with no protection at all. But little by little as the applications were spreading within more people they capture the attention of information security specialists. They were finding vulnerabilities and then publishing them in open sources. That pushed developers to start fixing bugs.

If the application has an encrypted code, it still cannot ensure absolute security. Any profile can be hacked and spammed. The reason for insecurity can be simply explained: all applications are made by humans, and if at least one developer made a tiny mistake, the whole application might stay insecure.

Thus a potential criminal almost always has a chance to steal users’ data or disable applications using vulnerabilities developers and testers omitted. Those vulnerabilities can come up on the stage of entering the message. The thing is that even if the message is formed correctly it still may allow doing a random command or denial of service. In this case, personal data can be sold to a third party. The most harmless way to use stolen data is spamming those users with targeting ads. But if a denial of service is happening users will lose access to the application.

All five famous applications described in this article were proved to have at least one security flaw. Are there any flawless IM-messengers? According to EFF, the following IM-messengers correspond to all security requirements:

  • CryptoCat
  • Signal / RedPhone
  • Silent Text
  • Silent Phone
  • Telegram (secret chats)
  • Off-The-Record Messaging for Windows (Pidgin)
  • TextSecure
  • ChatSecure + Orbot

Unsecured by default

Many users are interested in whether the owners’ IM-clients have access to their private messages and files transferred. According to EFF all five applications compared in this article are not encrypted so the provider can read them. Even Blackberry Messenger which was considered to be well-protected one turned out to be vulnerable.

Facebook Messenger can, however, collect and use your data for advertising purposes. Some would consider this to be ‘spying’ on you, but not in the way that many reports are suggesting.

Going further, Google Hangouts doesn’t support off-the-record (OTR) encryption, which provides a secure, end-to-end connection between users. Using OTR encryption, no one can read your messages – not even your Internet service provider. But no Google service supports OTR encryption, and many privacy advocates, like the EFF, say they should.

Moreover, some applications are not just encrypted but allow bosses to watch their employee chats if they are registered in the special app. It can be said about Slack. Being oriented on corporate communication it allows bosses not just to watch, but even to correct both business and private chats.

As we can see from the EFF rating, the most popular applications remain insecure. At the same time, the applications developed by amateurs and not well known were found to have a high level of security. Anyway, it’s always up to a user which application to choose, a popular and unsecured or secured but little-known one.

More Posts

On the pulse of 2024: optimizing the adoption of eHealth trends with QA
15 February 2024,
by a1qa
4 min read
On the pulse of 2024: optimizing the adoption of eHealth trends with QA
Generative AI, cybersecurity, AR/VR — come and explore how these trends are reshaping the future of healthcare and how QA helps implement them with confidence.
Cybersecurity testing
Functional testing
Performance testing
QA trends
Navigating the future: QA trends that will define 2024. Part 2
30 January 2024,
by a1qa
4 min read
Navigating the future: QA trends that will define 2024. Part 2
We continue exploring QA trends, helping businesses remain competitive in 2024.
Cloud-based testing
Cybersecurity testing
QA trends
Quality assurance
The year in valuable conversations: recapping 2023 a1qa’s roundtables for IT executives 
8 December 2023,
by a1qa
3 min read
The year in valuable conversations: recapping 2023 a1qa’s roundtables for IT executives 
From dissecting novel industry trends to navigating effective ways of enhancing software quality — let’s recall all a1qa’s roundtables. Join us!
Big data testing
Cybersecurity testing
Functional testing
General
Interviews
Performance testing
QA trends
Quality assurance
Test automation
Usability testing
Web app testing
black-friday
22 November 2023,
by a1qa
4 min read
Get ready for Black-Friday-to-Cyber-Monday shopping: 5 testing types to include in your QA strategy
What’s your nightmare during Black Friday and Cyber Monday shopping? If it’s a loss of sales, read about the ways to prevent this in the article.
Cybersecurity testing
Functional testing
Localization testing
Performance testing
Usability testing
6 top reasons why business should invest in software quality
9 November 2023,
by a1qa
4 min read
6 top reasons why business should invest in software quality
We congratulate you on the World Quality Day with the article by Alina Karachun, Account director at a1qa, having 10+ years of QA expertise. Delve into it to explore the reasons why businesses should prioritize software quality.
Cybersecurity testing
Functional testing
General
Interviews
Performance testing
Quality assurance
streaming services
30 October 2023,
by a1qa
3 min read
Enable crash-proof streaming platforms for Holidays season
Ho ho ho! It’s time to prepare your streaming products for the influx of viewers. Read about how to put peak-load anxiety behind by applying rigorous testing of your IT solution.
Cybersecurity testing
Functional testing
Performance testing
Usability testing
On the way to Web 3.0: key software testing aspects for seamless digital experiences. Part 2
12 October 2023,
by a1qa
4 min read
On the way to Web 3.0: key software testing aspects for seamless digital experiences. Part 2
Let’s analyze essential software testing checks to improve the quality of the business-critical Web 3.0 functionality.
Cybersecurity testing
Functional testing
Performance testing
Quality assurance
Test automation
Usability testing
gaming-qa
24 August 2023,
by a1qa
4 min read
Ready, steady, test: How QA drives seamless gaming experiences
Why is QA pivotal for delivering unmatched player experiences? How to level up video game quality? Find the answers in the article.
Cybersecurity testing
Functional testing
Localization testing
Performance testing
Quality assurance
Test automation
Usability testing
12jun202311
22 June 2023,
by a1qa
4 min read
The ins and outs of ensuring OSS/BSS software quality: a hands-on guide
The need for OSS/BSS’ flawless operation is undisputable, but how can we reach that goal? Inter alia, a1qa suggests focusing on delivering high software quality to the end users.
Cybersecurity testing
Functional testing
General
Performance testing

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.