Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 14 MINUTES AGO.
You are here: Home / Mobile Tech / Few Message Apps Are Truly Secure
Few Messaging Apps Found To Be Truly Secure
Few Messaging Apps Found To Be Truly Secure
By Dan Heilman / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
NOVEMBER
05
2014
How secure is your favorite messaging app? In all probability, not very. According to the Electronic Frontier Foundation, only six applications were able to pass its security test. That's out of a total of 39 services (including those from Apple, Google, Facebook, BlackBerry, Microsoft, and Yahoo) that EFF examined.

EFF looked at seven issues:

  • Is data encrypted in transit?
  • Is it encrypted so the provider can't read it?
  • Can the service verify contacts' identities?
  • Are past communications secure if keys are stolen?
  • Is the code open to independent review?
  • Is security design properly documented?
  • Has the code been audited?
Each of the 39 apps tested encrypted content in transit, but only six satisfied all of the EFF's requirements on its Secure Messaging Scorecard. Those apps were ChatSecure + Orbot, Cryptocat, RedPhone, Silent Phone, Silent Text and TextSecure.

Apple actually fared well, hitting five out of the seven requirements. It lost points for not verifying contacts' identities or opening its code to independent review.

Most other popular services only checked off two boxes (WhatsApp, Snapchat, Skype, Google Hangouts, Facebook chat) -- usually encrypted in transit and having code audited. AIM only satisfied the encrypted in transit bit.

"In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers," the EFF's report said. "Many companies offer 'secure messaging' products -- but are these systems actually secure?"

Will Anyone Notice?

We reached out to Rick Holland, principal security and risk management analyst for Forrester, about the study's significance. Holland suggested the results will be of greater interest to industry insiders and observers than to the man or woman on the street.

"Unfortunately, consumers have a short memory," he told us. "I think this will have a minimal impact to non-techie/tinfoil-hat consumers. Tech-savvy individuals will certainly change their behavior based on the performance."

The report is part a campaign that EFF ran with Julia Angwin at ProPublica and Joseph Bonneau from the Princeton Center for IT Policy. The idea is to promote technologies that are both secure and easy to use.

"Our campaign is focused on communication technologies -- including chat clients, text messaging apps, e-mail applications, and video calling technologies," EFF said. "These are the tools everyday users need to communicate with friends, family members, and colleagues, and we need secure solutions for them."

Making Inroads

At least one tech giant is taking visible steps to step up its security game. Google's Android Security Team recently offered the nogotofail tool, which lets users confirm that devices or apps are safe against known TLS/SSL vulnerabilities.

Forrester's Holland cautioned users to do their homework so that they are using genuinely secure services rather than those that are heavily promoted.

"Consumers should be aware that the marketing of privacy is very different than the reality of privacy," he said. "The mainstream media coverage of the iCloud celebrity hacking raised general consumer awareness around security and privacy of messaging apps."

The EFF's Secure Messaging Scorecard is available online for more details.

Tell Us What You Think
Comment:

Name:

Saif Ullah:
Posted: 2014-11-06 @ 7:55am PT
App sandboxing isolates apps from the critical system components of your Mac, your data and your other apps. Even if an app is compromised by malicious software, sandboxing automatically blocks it to keep your computer and your information safe. And Gatekeeper makes it safer to download apps by protecting you from inadvertently installing malicious software on your Mac. So we now know that sandboxing and Gatekeeper will protect you from any nasties. Phew. But hang on. If you download a malicious app via uTorrent (for example), Gatekeeper won't bat an eyelid. If you try to install an app infected by iWorm, XProtect will block the install but it won't go looking to see if you are already infected with it. And sandboxing makes no difference as it is limited to certain apps/plugins. Apple security- the gift that keeps giving.

Like Us on FacebookFollow Us on Twitter
MORE IN MOBILE TECH

NETWORK SECURITY SPOTLIGHT
China-based Vivo will be the first company to come out with a smartphone featuring an in-display sensor for fingerprint security, beating Apple, Samsung, and other device makers to the punch.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.