WhatsApp, FB Messenger, Viber expose users to hacks: study

Users of popular messaging apps WhatsApp, Facebook Messenger, and Viber are unknowingly leaving themselves exposed to fraud and hacking, according to a new study. 

Researchers found the majority of users are vulnerable to malicious attacks because they either don't know about or aren't using the proper security features. 

In a study, only 14 percent of participants successfully enabled the full security function that would protect their messages.

Scroll down for video 

Users  WhatsApp, Facebook Messenger, and Viber are unknowingly leaving themselves exposed to fraud and hacking, according to a new study. Researchers found the majority of users either don't know about or aren't using the proper security features

Users  WhatsApp, Facebook Messenger, and Viber are unknowingly leaving themselves exposed to fraud and hacking, according to a new study. Researchers found the majority of users either don't know about or aren't using the proper security features

THE FINDINGS 

In the study's first phase, only 14 percent of users, however, managed to successfully complete the authentication ceremony.

In the second phase, in which they were explicitly told about the thread and advised to complete an authentication ceremony, 79 percent were able to successfully authenticate the other party.

The percentage for phase two varied from 63 to 96 percent from app to app, with participants finding the most success with Viber and less with Facebook Messenger and WhatsApp.

However, researchers discovered it took those participants an average of 11 minutes to do so. 

'It is possible that a malicious third party or man-in-the middle attacker can eavesdrop on their conversations,' said Brigham Young University computer science PhD student Elham Vaziripour, who led the recent study.

Facebook messenger doesn't offer automatic encryption but allows users to set it up themselves. 

WhatsApp and Viber, however, both tout their end-to-end encryption is automatic and makes it so even they can't access your messages, which leads many users to believe their conversations are secure.

But that's not the case - to truly encrypt messages, all three apps require what's called an 'authentication ceremony.'

The process allows users to confirm the identify of their intended conversation partner and makes sure no other third party can trick you into revealing the contents of your messages.

Without doing so, Daniel Zappala, a computer science professor who worked on the study, told DailyMail.com that 'a clever hacker could make you think that you are encrypting your messages to your partner (let's call her Alice), when in reality, you are encrypting your messages for an intruder (let's call her Trudy).'

Authentication ceremonies for WhatsApp, Viber and Facebook Messenger

Authentication ceremonies for WhatsApp, Viber and Facebook Messenger

'Trudy decrypts your messages, so she can read them, and then re-encrypts the messages to send them to Alice.'

'Alice thinks she got the messages directly from you, when in reality, Trudy was in the middle of the conversation and able to read it all.'

'This could be done by the service provider or by a hacker who is able to get into the middle of your conversation (such as at a wireless hotspot) and is known as a "man-in-the-middle" attack in the security community.'

When users perform the authentication ceremony, they are essentially comparing 'keys' to see the secured conversation to make sure they match.

Yet most users are completely unaware such action is necessary to keep their messages private, as the manual process is 'somewhat hidden behind a few clicks in the user interface,' according to Zappala. 

While explicit instructions regarding the authentication ceremony caused a drastic increase in the number of users completing it, researchers discovered it took those participants an average of 11 minutes to do so, revealing how confusing the process is

While explicit instructions regarding the authentication ceremony caused a drastic increase in the number of users completing it, researchers discovered it took those participants an average of 11 minutes to do so, revealing how confusing the process is

'The effective security provided by secure messaging applications depends heavily on users completing an authentication ceremony—a sequence of manual operations enabling users to verify they are indeed communicating with one another,' reads the paper, which was presented at Thirteenth Symposium on Usable Privacy and Security.

'Unfortunately, evidence to date suggests users are unable to do this.' 

In the first part of the two-phase experiment - which was funded in part by more than $1 million in grants from the National Science Foundation and Department of Homeland Security - the research team prompted study participants to share a credit card number with a friend they brought with them for the experiment.

The researchers also warned the participants about potential threats

read more from dailymail.....

Get the latest news delivered to your inbox

Follow us on social media networks

NEXT NHS saves sperm of transgender teenagers