Sent and received images and shared location points can also be monitored in plain text on those apps. MeetMe, MessageMe and TextMe all send information in plain, unencrypted text, which could give an attacker the ability to monitor the communications of users running those applications on a local network. Nimbuzz was also caught storing user passwords in plain text.

Three other free calling and messenger apps, Tango, Nimbuzz and Kik, had bugs that let the researchers pilfer images, location points and videos. Instagram’s lack of full encryption is an issue we’ve covered here at Kaspersky Daily in the past. A video chat application called ooVoo contained essentially the same vulnerabilities as the Instagram Direct app. The researchers were also able to sniff out certain keywords over HTTP, allowing them to view certain information shared between users of the popular online dating service, OKCupid. Per Threatpost, Instagram Direct’s messaging functionality was leaking photos shared between users as well as past images that were stored in plain text on Instagram’s servers.

“Anyone who has used or continues to use the tested applications are at risk of confidential breaches involving a variety of data, including their passwords in some instances,” says Abe Baggili, assistant professor of computer science at UNH’s Tagliatela College of Engineering, and head of the cFREG.

“Although all of the data transmitted through these apps is supposed to go securely from just one person to another, we have found that private communications can be viewed by others because the data is not being encrypted and the original user has no clue.”