How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
... ...
However, after a deep dive into three of these secure messaging apps — Telegram, WhatsApp and Signal — we discovered that these services may not fulfill the promises they are meant to keep by putting users' confidential information at risk.

This is a serious problem, considering users download these apps in the hopes that their photos and messages will stay completely protected from third parties. These apps, which have countless users, cannot assume that their users are security educated and understand the risk of enabling certain settings on their device. As such, they have an obligation to explain the risks to users, and when possible, adopt safer defaults in their settings.

In this post, we will show how an attacker could compromise these applications by performing side-channel attacks that target the operating system these apps delegated their security to. This post will dive into the methods in which these apps handle users' data. It will not include deep technical analysis of these companies' security.
 

oneeye

Level 4
Verified
Jul 14, 2014
174
One can only imagine how many State actors are utilizing these vulns? I didn't notice a disclosure to the affected apps developers, and their response? Anyone have more on this? Thanks
 

g4nu5

Level 2
Verified
Dec 5, 2018
76
we need information security experts opinion :emoji_cold_sweat::emoji_grimacing::emoji_innocent:hope to sharing knowledge
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top