Instant Messaging

Instant messaging has existed in some form or another for decades of Internet history. It is a process by which users on a computer network can quickly communicate with one another using short text-based sentences rather than email. Each user has a piece of software that communicates with a common server that connects the chat sessions. Over the past few years, two distinct settings for the use of instant messaging have evolved.

The first is the corporate or institutional environment, composed of many potential users who are all under the same organizational umbrella. The second setting is individual users 'after work' or at home who do not have a mission-oriented commonality between them, but are more likely family and friends.

In the corporate setting, security risks are apparent from the outset. What stops a disgruntled employee from messaging some sensitive company data to a colleague outside the enterprise?

The reverse would be a disgruntled employee downloading a virus or spyware onto his machine inside the corporate firewall to release as desired. Accordingly, organizational offerings have become very sophisticated in their security and logging measures. Typically, an employee or organization member must be granted a login and suitable permissions to use the messaging system. Creating a specific account for each user allows the organization to identify, track and record all use of its messenger system on its servers.

The specialized requirements of the organizational messaging system, however, run almost completely contrary to what an individual user may need. Typically, instant messengers for non-organizational use advertise their users' availability to the Internet at large so that others may know whether that person is online. The trend has also been for manufacturers of instant messaging clients to offer interoperability with other manufacturers' clients.

Features of Instant Messengers:

  • Presence and Status Broadcasting - Messengers attempt to maintain a social environment and always stay 'connected'.
  • Interoperability – Many other manufacturers can interoperate with the example messenger.
  • Contact Lists - Maintains lists of all desired contacts.
  • Client-Server Design – Requires use of third party servers to provide chat functionality to messenger clients.
  • Logs Messages – Messages and other events are recorded.

Popular Instant Messaging Solutions in Mobiles/Tablets:

Along with the boom in smart phones around the world, instant messaging applications have been downloaded onto almost every mobile device. The main reason these apps are such a big hit with users is that they are easy to use and, more importantly, free.

WhatsApp:

WhatsApp Messenger is a cross-platform mobile messaging app that allows users to exchange messages without having to pay for them.

Viber:

Developed by Viber Media, it is a proprietary cross-platform instant messaging and voice over Internet protocol application for smart phones. In addition to text messaging, users can exchange images, videos and audio messages.

WeChat:

WeChat, the mobile messaging application released by China's Internet giant Tencent, has 450 million monthly active users.

LINE:

LINE is a Japanese proprietary application for instant messaging on smart phones and personal computers that allows users to make free voice calls and send free messages. Stickers and emoticons used in the app are popular among teenagers.

KakaoTalk:

KakaoTalk is a multi-platform texting app created by a South Korean team that allows iPhone, Android and BlackBerry users to send and receive messages for free. It has achieved 100 million subscribers since its release on March 18, 2010.

Kik:

Kik Messenger is an instant messaging application for mobile devices. Kik Messenger was released on October 19, 2010, by Kik Interactive, started by a group of students from the University of Waterloo, Ontario, Canada.

Hike:

Hike is a communication app that offers both instant messaging and SMS under one roof, according to NDTV.com, an Indian TV network. It has been developed by Bharti Softbank, which is jointly held by India's Bharti Telecom and Japan's Softbank telecom provider. The app is the brainchild of Kavin Bharti Mittal.

Risks in Mobile Instant Messaging

Virus and Worms

In 2014, 38% of the top 50 viruses and worms targeted peer-to-peer or IM applications in Internet communications. Most viruses are sent through file transfers. Public instant messaging (IM) clients also have publicized vulnerabilities, where flaws such as buffer overflows and boundary condition errors have been exploited to spread viruses and worms or to launch denial-of-service attacks.

Identity theft/authentication spoofing

Public IM systems let individuals create anonymous identities, which do not map to any identity. IDs can also be created even if the individual does not own the IDs or domains ("icici" or "john chambers," for example). Spoofing creates risk, as these IDs can be used maliciously, outside the control of the IT security department.

Firewall tunnelling

IM clients find ways to tunnel through firewalls, creating risk. Most IM services come through well-publicized ports (5190 for AOL Instant Messenger, 1863 for MSN and 5050 for Yahoo), but IM clients also can exploit any open port on the firewall, including those used by other applications (such as Port 80 for Web and HTTP traffic). Some clients also can connect via peer-to-peer connections or establish connections on randomly negotiated ports.
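The following added example (not part of the original article) shows why blocking or alerting on the well-known IM ports alone is not enough: it classifies egress firewall log entries by the ports listed above and, separately, by a destination-hostname watchlist, which is what catches a client that falls back to port 80. The log format, the sample entries and the watchlist hostname are constructed placeholders.

```python
import csv
from collections import defaultdict
from io import StringIO

# Well-known IM ports named in the text above.
IM_PORTS = {5190: "AOL Instant Messenger", 1863: "MSN", 5050: "Yahoo"}
# Hypothetical watchlist of IM service hostnames (placeholder, not a real endpoint).
IM_HOSTS = {"login.im.example.net": "ExampleIM"}

# Constructed egress log: time, source IP, destination host, destination port, action.
SAMPLE_LOG = """\
09:00:01,10.0.0.12,login.oscar.example.org,5190,ALLOW
09:00:05,10.0.0.12,www.example.com,80,ALLOW
09:01:10,10.0.0.31,messenger.example.org,1863,DENY
09:01:11,10.0.0.31,login.im.example.net,80,ALLOW
09:02:40,10.0.0.44,scs.example.org,5050,ALLOW
09:03:00,10.0.0.44,intranet.example.com,443,ALLOW
"""

def classify(dst_host, dst_port):
    """Return (service, reason) if the flow looks like IM, else None."""
    if dst_port in IM_PORTS:
        return IM_PORTS[dst_port], "port"
    # Port rules miss clients that fall back to open ports such as 80,
    # so also match the destination against the hostname watchlist.
    if dst_host.lower() in IM_HOSTS:
        return IM_HOSTS[dst_host.lower()], "host"
    return None

def im_flows_by_source(log_text):
    """Map each internal source IP to the IM flows seen for it."""
    findings = defaultdict(list)
    for ts, src, host, port, action in csv.reader(StringIO(log_text)):
        hit = classify(host, int(port))
        if hit:
            service, reason = hit
            findings[src].append({"time": ts, "service": service,
                                  "matched_on": reason, "port": int(port),
                                  "action": action})
    return dict(findings)

def tunnelled(findings):
    """Sources whose IM traffic was allowed out on a non-IM port."""
    return sorted(src for src, flows in findings.items()
                  if any(f["matched_on"] == "host" and f["action"] == "ALLOW"
                         for f in flows))

if __name__ == "__main__":
    result = im_flows_by_source(SAMPLE_LOG)
    print(result, "tunnelled:", tunnelled(result))
```

In the sample, host 10.0.0.31 is denied on port 1863 and one second later reaches the IM service over port 80, which a port-only rule set would record as ordinary web traffic.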

Data security leaks

Unmonitored content leaving the corporation without the knowledge of the information security department introduces legal and competitive risk (such as a CFO sending a confidential spreadsheet via IM without an audit trail). File transfer over IM is a powerful way to send information beyond the tracing capabilities of the IT department. The lack of content filtering and archiving makes it difficult for IT to discover potential breaches of policy or to hold individuals accountable.

Spim

IMlogic says that 5% to 7% of IM traffic today is spim (instant messaging spam). Spim can be more disruptive than e-mail spam, as it is more intrusive (the pop-up spim interrupts the user) and generally of a more sexually offensive nature (leading to human resources and legal risk).

What do we need to do?

Instant messaging applications add a lot of convenience, but few people take the time to think about security concerns. Every day, hackers are trying to gain access to our conversations. The good news is, there are certain things that can be done to make instant messaging safer.

Avoid Exposing Private Information:

Developers have warned that many instant messaging applications make it easy for private information to be exposed and used for fraudulent purposes. Researchers at the University of California studied more than 120,000 free applications that are available for use on Android devices. Many of the applications have parts of the code that are public, which means they could be modified easily for fraudulent purposes. The use of malicious code allows hackers and other individuals with malicious intent to send messages on behalf of someone, to get access to personal information and to replace the actual application with code designed for alternative purposes. Despite the emphasis on Android apps, researchers believe that similar security concerns are valid for iPhone instant messaging options.

Encryption:

Several other instant messaging apps for smart phones were examined concerning the manner in which personal information is transferred and stored. WhatsApp, a market leader in the instant messaging niche, has been accused of transmitting address books and personal information unencrypted to the app server. Many bits of private information, including ID, are readily available for third parties to see and to utilize. An even more troublesome trend has emerged recently. Certain applications were developed for the purpose of getting access to the instant messaging conversations of other people and to personal information. WhatsApp Sniffer is one such development. Such applications reveal once again how many security gaps instant messaging applications leave.

Facebook Chat? Think Again:

Various surveys were carried out and the conclusion is that Facebook Chat applications for mobile devices are one of the least safe options on the market. Encryption is not used to protect login, which means that the password of an individual can easily be seen. The instant messaging conversations themselves are protected minimally. Yahoo! Messenger and the now defunct Windows Live Messenger are two other applications that fail to protect member conversations adequately.

Using Instant Messaging Apps Safely:

What does it take? The first and most obvious thing you can do to increase instant messaging safety and privacy is to select the right application. No two instant messaging apps are alike. Some developers put more emphasis on the protection of sensitive data. Data encryption is the first and the most basic way of protecting data. Make sure that the apps you choose transfer all information to the server in encrypted form. Some Internet apps such as Skype, Google Talk, AOL Instant Messenger and similar major offerings boast higher than usual security. Make sure you do your research before downloading your app of choice to keep your information secure.

Secure Instant Messaging

Secure instant messaging is a form of instant messaging in which, at the very least, the users exchange chat messages whose contents they have caused to be encrypted with keys they generate and control.

Recent news events have revealed that the NSA is not only collecting emails and IM messages but also tracking relationships between senders and receivers of those chats and emails in a process known as 'metadata' collection.

'Metadata' refers to the data about the chat or email, as opposed to the contents of the messages. It may be used to collect valuable information.

The wireless network that you use for instant messaging is just as important. Open networks like the ones available in cafés, at airports and bus stations are very easy to break through. When doing instant messaging, rely on a closed, password-protected internet network. Instant messaging can be used to communicate with friends, business partners and acquaintances. Still, it is important to keep security concerns in mind. Though convenient, instant messaging can compromise personal information if the wrong app is chosen. Choose applications carefully and be smart in terms of what you share.

Almost by definition alone a secure messenger cannot be a social messenger. Therefore to be considered secure a messenger must behave differently than one used for more social purposes. Traits of a secure instant messenger include the ability to:

  • Provide a 'stealth' online presence
  • Send messages in cipher text—not clear text form.
  • Not log or store any information regarding any message or its contents.
  • Not log or store any information regarding any session or event.
  • Operate as a decentralized computing model—not relying on third party servers for message security and handling.

Secure instant messengers aren’t needed for every chat session but when there is a requirement for private, secure and untraceable messaging there is no other means to effect those requirements.

Popular Secure Instant Messaging Solutions in Mobiles/Tablets

  • Telegram: Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.
  • Adium: Adium is a free instant messaging application for Mac OS X that can connect to AIM, MSN, XMPP (Jabber), Yahoo, and more.
  • BitlBee: BitlBee is a cross-platform IRC instant messaging gateway, licensed under the terms of the GNU General Public License.
  • Jitsi: Jitsi (formerly SIP Communicator) is a free and open source multiplatform voice (VoIP), videoconferencing and instant messaging application for Windows.

InfosecNews :

http://www.firstpost.com/business/india-worst-hit-whatsapp-spam-heres-menace-2050207.html

 
