Why Encrypted Messaging Apps Should Not be Trusted

Fidelis Cybersecurity has recently expressed growing concern about the safety of messaging apps such as WhatsApp, Signal and others. We spoke to John Bambenek, Threat Systems Manager at Fidelis Cybersecurity, to find out why messaging apps may not offer users the expected level of privacy, what is problematic about them, and what users can do to maintain their privacy.

John Bambenek

Which messaging apps have you found to be most vulnerable and why?

WhatsApp and Confide both have had public issues reported this year.  That said, there is only a subset of issues researchers can test (namely the applications themselves and the public interfaces to their backend).  There may be vulnerabilities in the backend of the infrastructure these applications use that could expose people to eavesdropping or other issues.

What kind of abuses are most common on messaging apps?

Although so far there hasn’t been much in the way of large-scale scamming, I would characterize the use of messaging apps as either highly targeted or experimental. Generally it involves abusing someone’s trust that “encrypted” messaging also means “trusted” when they are no more inherently trustworthy than other messaging apps. They provide you protection against eavesdropping but there are many other forms of malfeasance.

What is the Do Not Call Registry? And how can it help prevent fraud and spam on messaging apps?

The Do Not Call Registry is part of a program by the U.S. Federal Trade Commission where you can place your phone number on a list that telemarketers are required to have and use to prevent them from calling you. The problem is that enabling legislation only applies to phone calls, and there was no consideration of non-telephony communication such as encrypted text messages or phone calls (i.e., apps such as Signal).

What can people using messaging apps do to protect their privacy?

The important thing to realize is that you need to verify the identity of new contacts outside of the application (i.e. call them on the phone, send an email).  Take notice of odd changes or linguistical oddities of messages.  For instance, if a contact is American and they start spelling words like “colour”, something could be up.

In your opinion, what should messaging app operators do to ensure the safety of their users?

As with any encryption system, transparent, third-party verification of their encryption and their security should be published so users can have greater confidence in the providers. They should also proactively look for spammers, scammers and others who would abuse their systems and block them.



