The use of mobile instant messaging (IM) applications is increasing day by day. Let it be birthday wishes, texting your family, asking about the well-being of a friend, or even discussing business matters, the easiness, and comfort that IM applications offer makes it difficult to think about an alternate communication channel.
While WhatsApp is still the most preferred mobile messaging application in the world, there is no other application that can dominate the reach of WeChat in China. Applications like Telegram and Signal are also gaining popularity these days.
Conversations in these mobile chat applications may range from as simple as the recipe of a pancake, to as complex as the decisions involving a stock trade, or even more. Hence, the level of security and privacy that the users demand from these applications is very high. And most of the IM applications in the market do think about their users’ privacy and security while designing the applications. Services like end-to-end encryption, two-factor authentication, manual, as well as auto-deletion of sent messages, are all part of the concerns revolving around the user’s privacy and security.
While messaging apps continue to provide their users with new features to enhance the user’s security and privacy, there are individuals or organizations that are on the constant lookout for vulnerabilities in these chat applications. The recent events that involve a “high” severity rating advisory issued by CERT-In for WhatsApp users, and the successful access to Signal by a digital investigation tool points to the fact that users must be vigilant while using mobile IM applications.
The CERT-In or the Indian Computer Emergency Response Team is the national nodal agency of India for responding to computer security incidents as and when they occur. The agency has issued a “high” severity rating advisory for the WhatsApp users in the country. The advisory is aimed at Android users who use the version of WhatsApp and WhatsApp Business prior to v22.214.171.124, and iOS users who use the version of WhatsApp and WhatsApp Business prior to v2.21.32.
The advisory states that “Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system”. Further, the advisory explains in detail the vulnerabilities: “exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline”.
CERT-In advises WhatsApp users in the country to update their applications to the latest version from the Play Store or Apple App Store so that this vulnerability will not pose a threat to the users.
WhatsApp is not alone in the receiving end of such hacking attempts.
Signal is one of the most secure mobile messaging applications that a person can use in today’s world. Signal uses the Signal protocol that offers end-to-end encryption for the chats and the chat metadata, making the app a tough competition for popular competitors like WhatsApp, WeChat, and Telegram.
Even though it was not an illegal attempt to access the user data, Signal has also faced similar experiences.
The FBI recently accessed the Signal conversations of suspects alleged in running a gun trafficking operation in New York. Along the documents produced by the U.S. Justice Department contains screenshots of the Signal chats made by the suspects. These screenshots contained the metadata of the chats and prove that the application was decrypted on the phone, and the phone was in partial AFU (after first unlock).
The acronym AFU states the condition of an iPhone that is locked, but has been then unlocked once and not turned off. Since the encryption keys of an iPhone are stored in its memory, an iPhone in AFU mode is more prone to data extraction threats. But previous studies on searches of iPhones in AFU mode show that the process requires physical access to the device, and it is costly too.
In another event, the Israeli digital forensics company Cellebrite recently claimed that they successfully accessed Signal chats in an Android smartphone. A blog post from Cellebrite showed the procedure on how they went to access the Signal chats. But the company later replaced this blog with an article having lesser details.
Responding to Cellebrite’s claims, Signal’s co-founder, Moxie Marlinspike tweeted “The whole article read like amateur hour, which is I assume why they removed it.” After this incident, Marlinspike had posted a blog on Signal’s website, mocking Cellebrite’s attempt to access Signal chats.
Marlinspike added that Signal was never compromised, and Cellebrite only managed to programmatically take screenshots of Signal conversations in an unlocked mobile device, which according to him, was equally simple as just opening the Signal app and looking at the messages.
Marlinspike assures Signal users that Cellebrite’s claims of accessing Signal chats start with a user’s screen unlocked phone being physically accessible to another person. He further adds that ephemeral messaging options like disappearing messages and view-once media messages will help Signal users if such a scenario ever occurs.
Cellebrite, the digital forensics firm sells two software packages. The UFED (Universal Forensic Extraction Device) breaks the security levels of iOS and Android phones and collects deleted as well as hidden data. The second one, the Physical Analyzer looks for the presence of digital evidence in the device. Cellebrite helps private and public investigators in digital investigations.
Applications like WhatsApp, Signal, and Telegram offer their users services like end-to-end encryption for improving the app’s security. Even though there are security protocols in place to safeguard the privacy and security of the user, it is always better to be vigilant while using mobile chat applications.
Read our previous infographics on the comparison of popular mobile chat applications and the best practices on how to use them.
While allowing mobile IM applications for business communication between traders and customers, financial firms must always ensure that these conversations are captured and archived. A tool that can capture and record mobile text messages and calls must be used so that no conversation is missed out and regulatory compliance is ensured.
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WeChat and WhatsApp conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
- Network Archiver
- Enterprise Number Archiver
- Android Archiver
- WhatsApp Archiver
- WeChat Archiver
- Signal Archiver
- Telegram Archiver
TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.