What you need to know
- New research raises concerns about how messaging apps handle link previews.
- Some apps could be leaking your location to third parties.
- Files you share could also be accessible by other people and companies, too.
New security research by Talal Haj Bakry and Tommy Mysk has found that some messaging apps are mishandling data, potentially sharing details like your IP address and location with third parties. Files that you send could also end up on a third-party's server as well.
On top of all that, link previous could also download multiple gigabytes of data if the link takes a messaging app to a large file.
Link previews give the person receiving a URL a glimpse of what they will see if they tap on it. But that preview needs to be generated and if it's the receiver doing it, it could be happening on a server somewhere. And it's there where the data leak can happen.
Link previews in chat apps can cause serious privacy problems if not done properly. We found several cases of apps with vulnerabilities such as: leaking IP addresses, exposing links sent in end-to-end encrypted chats, and unnecessarily downloading gigabytes of data quietly in the background.
The researchers tested a number of popular and high-profile messaging apps and services including Discord, Google Hangouts, Instagram, Slack, Zoom, and iMessage. Some fared better than others with one in particular, LINE, behaving particularly badly. While it offers end-to-end encryption on its messages, it still sends links to a server for the preview to be generated. Effectively undoing the encryption.
Well, it appears that when the LINE app opens an encrypted message and finds a link, it sends that link to a LINE server to generate the preview. We believe that this defeats the purpose of end-to-end encryption, since LINE servers know all about the links that are being sent through the app, and who's sharing which links to whom.
The full report is a great read if you're at all interested in what can happen when developers and back-end server architects don't think things through properly. Thankfully, some companies have already reacted to the findings of this report. Now we need the rest to follow suit.
Apple's Black Friday iPhone SE sale essentially makes the price $290
The iPhone SE is already an incredible price, even without any discounts, but with Apple's Black Friday sale, you can get one for a song.
Which AirPods should you buy on Black Friday?
Thinking of buying AirPods for Black Friday but can't decide which ones you should get? I've got some advice that should help you decide.
These Nintendo Switch bundles are bound to go fast — Get them at $299 now!
The Nintendo Switch is finally back in stock for its regular retail price of $299. Do not miss your chance to get one right now. The Switch sells out fast and is rarely in stock. You won't regret it.
Need a clicker for your Apple TV? Here are the best
Whether you hate the Siri Remote, lost your old one, or just scouting out the market, here are our favorite remotes to control your Apple TV.