How Secure Are Your Messages

Discussion in '[H]ard|OCP Front Page News' started by rgMekanic, Aug 11, 2017.

  1. rgMekanic

    rgMekanic [H]ard|News Staff Member

    Messages:
    3,197
    Joined:
    May 13, 2013
    Researchers at Brigham Young University have learned that most users of popular messaging apps Facebook Messenger, What’sApp and Viber are leaving themselves exposed to fraud or other hacking because they don’t know about or aren’t using important security options. Even though What’sApp and Viber encrypt messages by default, all three messaging apps also require what’s called an authentication ceremony to ensure true security. And without that ceremony "it is possible that a malicious third party or man-in-the middle attacker can eavesdrop on their conversations."

    In a two-phase experiment, users were instructed to share a credit card number with another participant. Only 14 percent of users successfully managed to authenticate their recipient. In the second phase, they were asked to do the same, but this time researchers emphasized the importance of authentication ceremonies. With that prompting, 79 percent of users were able to successfully authenticate the other party. Despite the increase, participants averaged 11 minutes to authenticate their partners.

    I don't personally use any of these apps so I can't directly comment on the authentication process. It is nice that these apps do provide such a ceremony to make sure the messages stay secure, but having them buried on average 11 minutes away is ridiculous.

    Because most people don’t experience significant security problems, both professors agreed, it’s hard to make a case for them investing the time and effort to understand and use security features that applications offer. But because there’s always a risk in online communications, Seamons added, "we want to make it much easier to do and cut that time way down."
     
  2. gigaxtreme1

    gigaxtreme1 2[H]4U

    Messages:
    2,988
    Joined:
    Oct 1, 2002
    Just disabled GPS on my phone again. Been getting survey ads and prefer to not be tracked. Privacy doesn't seem to be a concern any more. Minimal banking on the phone, deposit only, and no credit cards. threw my phone in my pocket without shutting screen off once and I found it trying to order a phone case off of Amazon..
     
    Wrecked Em likes this.
  3. Simmonz

    Simmonz 2[H]4U

    Messages:
    2,362
    Joined:
    May 14, 2008
    Stupid people can't use things properly, not shocking. I only use Signal myself.
     
  4. viscountalpha

    viscountalpha [H]ard|Gawd

    Messages:
    2,018
    Joined:
    Oct 16, 2011
    Facebook app will mine your info. I've seen it. It's creepy. I don't trust Facebook at all. I add a layer of dis-information to my profile for this very reason.
     
  5. U-238

    U-238 [H]Lite

    Messages:
    126
    Joined:
    Aug 14, 2008
    I read that as:

    YOU MUST MAKE THE BLOOD SACRIFICE TO THE HEATHEN GODS OF AUTHENTICATION FOR YOUR SAFETY!!!!
     
    Spidey329 and rgMekanic like this.
  6. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,272
    Joined:
    Dec 15, 2003
    Same here. Although I think a blood sacrifice may be a tad quicker.
     
  7. daglesj

    daglesj [H]ardness Supreme

    Messages:
    4,521
    Joined:
    May 7, 2005
    I just use SMS, everyone has that.
     
  8. Gigus Fire

    Gigus Fire 2[H]4U

    Messages:
    2,064
    Joined:
    Oct 14, 2004
    how about: not very
     
  9. sfsuphysics

    sfsuphysics I don't get it

    Messages:
    12,098
    Joined:
    Jan 14, 2007
    Well it is BYU, and those Mormons are known for some crazy shit!
     
  10. Gavian

    Gavian [H]Lite

    Messages:
    107
    Joined:
    Jan 13, 2016
    Not secure enough to send the nudes.
     
  11. HoffY

    HoffY Gawd

    Messages:
    869
    Joined:
    Mar 7, 2005
    Perhaps its got something to do with the users not knowing if its a secure connection? I've given WhatsApp a test for a while with one friend and its a great app (before Fecesbook bought it, so no doubt its security mantra will now be a data harvesting mantra). But i see no UI cues that there is a secure session going on.. so how do users know "to authenticate their recipient." ?
     
  12. geekebox

    geekebox [H]Lite

    Messages:
    120
    Joined:
    Jul 29, 2016
    I wonder how Facetime and iMessage compares.