WhatsApp, Signal and Telegram “leak” the phone numbers of their users (and in the case of Telegram even those who are not registered in it), which allows you to pull all the information from their profiles. It can then be used by attackers to create fake accounts for fraudulent purposes, but it will be the fault of not only messengers, but also the users themselves.
WhatsApp, Signal and Telegram messengers, known for their advanced security technologies, did not provide an adequate level of protection of personal information of their users. This was reported by researchers from the University of Würzburg, who tested services for access to private information together with colleagues from the Technical University of Darmstadt (both universities are in Germany).
In their report, the authors of the experiment pointed out that all three messengers, included in the version of the profile resource TechRadar and the developer of anti-virus solutions
What data was publicly available
According to the authors of the study, they used very few resources to parse all three messengers, but even with their help they gained access to significant amounts of data. For example, in the course of their experiment, they scanned 10% of WhatsApp user numbers in the U.S. and 100% of Signal user numbers, which is known to be Edward Snowden’s favorite messenger. In 2015, he
The researchers have at their disposal all the data that people lay out in their profiles. Among them were account photos, nicknames, statuses, last date and time of connection to the service, etc.
Data analysis allowed to compile some statistics on user behavior. For example, most of them do not change the privacy settings, leaving them as they were when registering in the messenger, and the basic settings in most of these types of services do not provide this most privacy.
The researchers also found that about 50% of WhatsApp users in the US have a public photo of their account. Moreover, 90% do not hide the information they have posted in the “About” section.
Experts also noted the fact that 40% of Signal users, originally positioned as the most secure messenger and aimed at those who are concerned about privacy, have fully open profiles at WhatsApp.
Telegram, on the other hand, differs from its two competitors. Researchers were able to use it to get phone numbers even of those people who are not registered in this messenger, but are in the lists of contacts of users who have an account in it.
What could this threaten
Even considering that there is no really important information in the messenger user profiles that cannot be disclosed to third parties (bank card numbers, passport details, etc.), the available information can be used by attackers for their own purposes. Messengers do not have strict registration rules, which allows them to create in them many accounts with stolen information, for example, for fraudulent activities. The same is common in social networks – a cybercriminal creates a clone of someone’s page and starts, for example, to ask for money from those people who are on the list of friends of the owner of the real profile.
How to protect against scanning
The authors of the research stated that the type of information that hackers or attackers can get about this or that user of the service depends on the user. To be more precise, they depend on the privacy settings he has chosen.
The messengers themselves also have a certain influence on the dissemination of personal data. Thus, if WhatsApp and Telegram transmit to their servers the entire contact list, Signal sends instead only short hashes of phone numbers, which makes it difficult to find information. Nevertheless, a study of German specialists showed that it is possible to derive phone numbers from hash values using special tools in milliseconds.
Messengers “rent out” their users
WhatsApp, Signal and Telegram cannot be considered truly reliable means of communication. Each of them has vulnerabilities that allow easy access to information that is not intended for outsiders.
For example, in August 2020. CNews
In June 2020, it became known that some phone numbers tied to user profiles in WhatsApp, for a long time were in the public domain and even got into the Google search output. In total, with the help of Google could be found up to the number of about 300 thousand messenger users, and this problem was also global.
But Signal has distinguished itself more than others. In October 2018