HWZBB

The only BlackBerry community you will want to be in Singapore. Singapore BlackBerry users, unite!


Popular Messaging Applications Have Failing Security Practices

BBM Family

I know most of us probably use LINE, WeChat and WhatsApp often, sometimes even more often than BBM itself. But are your private little chats safe from prying eyes? Well, based on EFF’s latest survey, the data you think is safe probably is not.

Some of the most widely used messaging apps in the world, including Google Hangouts, Facebook chat, Yahoo Messenger and Snapchat, flunked a best-practices security test by advocacy group the Electronic Frontier Foundation (EFF).

The organization evaluated 39 messaging products based on seven criteria it believes such tools should meet in order to ensure the privacy and security of digital communications.

The reviewed products included mobile texting apps, instant messaging clients, voice and video calling software and email services. The results were published Tuesday under the form of a Secure Messaging Scorecard.

When reviewing the products, the EFF asked the following questions:

— Does the application encrypt data in transit?

— Is the communication encrypted with a key the provider doesn’t have access to? This requires the use of encryption keys negotiated directly between user clients, also known as end-to-end encryption.

— Can users independently verify the identity of contacts they are speaking to even if the service provider is compromised?

— Do previous communications remain secure even if users’ long-term private keys are compromised? This property, known as forward secrecy, requires cryptographic implementations that use ephemeral encryption keys for every session.

— Is the product’s code for communication and encryption open to independent review?

— Is the product’s cryptographic design well documented? This requires listing the product’s encryption and authentication algorithms; documenting the key generation, storage and exchange mechanisms; describing the process of revoking and changing keys; stating the protections the software aims to provide and the scenarios where it might not be secure.

— Has the product’s design and implementation been subjected to an independent security audit in the previous twelve months? An audit by a security team that is independent of the product’s development team within the same organization is sufficient.

But is this all that bad? Well, apparently not so:

Six applications, most of them open source, met all of the EFF’s requirements: CryptoCat, a Web-based instant messaging application; ChatSecure, an encrypted chat client for iPhone and Android; TextSecure, a text messaging app for Android; RedPhone, an encrypted calling app for Android and Signal, its version for iOS; Silent Text and Silent Phone, the encrypted texting and calling apps by secure communications provider Silent Circle.

Read it all in techworld

Category: News!
