We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

HStocks via Shutterstock
Cyber Security

Most people at risk of fraud or hacking through messaging apps, researchers say

Only 14% of people studied were securing their messaging apps properly.

MOST USERS OF popular messaging applications are leaving themselves exposed to fraud or other hacking because they aren’t using important security options, research has found.

“We wanted to understand how typical users are protecting their privacy,” said Brigham Young University computer science student Elham Vaziripour, who led the study.

The short answer is, they’re generally not.

The study looked at user interaction with Facebook Messenger, WhatsApp and Viber.

‘Eavesdrop on conversations’ 

Although WhatsApp and Viber encrypt messages by default, all three messaging apps also require what’s called an authentication ceremony to ensure true security.

But because most users are unaware of the ceremony and its importance, “it is possible that a malicious third-party or man-in-the middle attacker can eavesdrop on their conversations”.

The authentication ceremony allows users to confirm the identity of their intended conversation partner, and makes sure no other person – even the company providing the messaging app – can intercept messages.

In the first phase of a two-phase experiment, the research team prompted study participants to share a credit card number with another participant.

The participants were warned about potential threats and encouraged to make sure their messages were confidential.

However, only 14% of users in this phase managed to successfully authenticate their recipient. Others opted for ad-hoc security measures like asking their partners for details about a shared experience.

Impact of authentication ceremonies

In the second phase, participants were asked again to share a credit card number, but in this round, researchers emphasized the importance of authentication ceremonies.

With that reminder, 79% of users were able to successfully authenticate the other party.

Despite the drastic change, researchers found another significant hurdle – on average, it took participants 11 minutes to authenticate their partners.

Computer science professor Daniel Zappala said:

Once we told people about the authentication ceremonies, most people could do it, but it was not simple, people were frustrated and it took them too long.

Because most people don’t experience significant security problems, the researchers said, it’s hard to make a case for them investing the time and effort to understand and use security features that apps offer.

“If we can perform the authentication ceremony behind the scenes for users automatically or effortlessly, we can address these problems without necessitating user education,” Vaziripour said.

Read: The colour of your Instagram photos can give a clue about your mood

More: Do you know how to protect your child on social media apps?

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Your Voice
Readers Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.