Contact Us













captcha

Not All Messaging Apps are Created Equal

By January 27, 2015blog

In last week’s blog post, I raved all about group chat, and why you need to use group chat in the workplace if you aren’t already. What I didn’t discuss at length was which type of group chat applications you should use.

The truth is, not all messaging apps are created equal.  You’re probably asking yourself, what’s the big deal with “official-unofficial” workplace third-party messaging apps if I’m just joking around with my coworkers or letting everyone know (yet again) that someone left a huge mess in the office kitchen? In theory, no problem.

In reality, it’s hard to enforce policies in which seemingly innocuous information is the ONLY information shared via third-party messaging apps. Before you know it, it’s not messy kitchens that you’re talking about but sharing highly sensitive, confidential information that anyone could have access to. Bottom line: when you chat with someone through a third-party messaging app, be aware that someone may read it—someone other than your intended recipient. SCARY!

Don’t believe me? I’ve got three examples that prove how troublesome these apps can be:

1. Viber

In April 2014, security researchers discovered that the popular mobile messaging app, Viber, sent video and images without encrypting them first. To make matters worse, the app also stored the messages online on a publicly available server, making it possible for private photos and messages to be accessed by anyone with enough determination and knowhow.

2. Snapshat

Snapchat has built its service on a pitch that has always seemed almost too good to be true: that people can send any photo or video to friends and have it vanish without a trace. The popular messaging platform recently settled with the Federal Trade Commission in May 2014 because it turns out that its messages didn’t actually disappear as often as promised. Not to mention it’s other security flaws

3. WhatsApp 

Last but not least is WhatsApp, with over 700 million users worldwide. This past November, WhatsApp announced that it would implement end-to-end encryption to make it nearly impossible for anyone to read users’ messages. That’s fine and dandy but its upgraded privacy protections remain to be seen. In the meantime, WhatsApp contains a flaw in its encryption process that would make it possible to read plain text communications sent via WhatsApp. The vulnerability in question involves the use of the same key to decode the encryption on both sides of a conversation, making it possible for someone to intercept messages sent via Wi-Fi and decrypt them. An attacker with access to the encrypted messages can use a specific algorithm to compare and essentially predict the text hidden underneath the encryption. Because the message sent from the user to the server, and vice versa, have the same key to unlock them, when compared against each other, the actual text can be pulled out of the seemingly encrypted message.

Have I convinced you to think twice about using a third-party messaging app as business communications tool?

Please don’t get me wrong. I love WhatsApp, Viber, Snapchat and the entire plethora of messaging apps out there that make it easier to connect with family and friends. And I emphasize family and friends only. They were never meant to be used in the workplace. Security vulnerabilities have been exposed at major banks, corporations and retailers around the globe and at many start-ups because of the widespread use of consumer messaging apps in an enterprise setting. When it comes down to it, most of these mobile chat apps store messages on servers before relaying them to your intended recipient, leaving them vulnerable to clever criminals or security loopholes. Anyone with the right hacking knowledge, or warrant, can access those private messages later without your or the company’s knowledge. And then it’s out there, forever.

The good news is that you can have your cake and eat it too. There are a number of business mobile messaging apps (including TeleMessage, shameless plug, yes I know) that meet business requirements, including advanced security features, administrative access, message reliability and application integratibility while providing the same user friendly experience that consumer third-party messaging apps offer. Enterprise mobile messaging tools optimize employee communication and workflow efficiency while maintaining organizations’ security and compliance.

Credits to Kaspersky Labs for the image.

Leave a Reply