WhatsApp users vulnerable to malicious attacks, suggests new study
Only 14 per cent of users of popular messaging apps such as WhatsApp, Facebook Messenger and Viber have successfully enabled the full security function that would protect their messages, reveals a new study. Researchers from Brigham Young University conducted a research, wherein they discovered that majority of the messaging app users are vulnerable to malicious attacks because they either aren’t aware of proper security features or aren’t using them at all.
“It is possible that a malicious third party or man-in-the-middle attacker can eavesdrop on their conversations,” says Elham Vaziripur, Brigham Young University computer science PhD student who led the study. While WhatsApp and Viber offer automatic end-to-end encryption; Facebook Messenger requires users to set it up themselves. According to Daily Mail, in order to truly encrypt messages, these platforms require something called an ‘authentication ceremony.’ This is a process that allows users to confirm the identity of their recipients, and ensures that no third party gets involved in the conversation.
“The effective security provided by secure messaging applications depends heavily on users completing an authentication ceremony—a sequence of manual operations enabling users to verify they are indeed communicating with one another,” reads the paper, which was presented at Thirteenth Symposium on Usable Privacy and Security. “Unfortunately, evidence to date suggests users are unable to do this,” it adds.
The research team carried out a two-phase experiment wherein the participants were requested to share a credit card number with one of their friends. The participants were kept informed regarding the potential threats, and encouraged to keep their messages confidential. However, only 14 per cent of users manage to successfully complete the authentication ceremony. The rest 86 per cent of the users made misguided attempts, or failed to ensure that their conversation was fully encrypted. In the second phase, the participants were asked to repeat the same activity. However, this time around, researchers explained what man-in-the-middle attacks are and emphasised on the importance of authentication ceremonies.
Towards the end, it was discovered that an average of 79 per cent of users were able to successfully authentic the other party. “Once we told people about the authentication ceremonies, most people could do it, but it was not simple, people were frustrated and it took them too long,” Daniel Zappala, a computer science professor who worked on the study, said.