What do you think is the most common sound in the world? There's no way to know for sure, but if I had to guess, I'd say it goes something like…
*Ding*
That's the sound of a chat app notification reaching its destination. One message out of the 41,000,000 sent and received worldwide every minute of every hour. And that's from WhatsApp alone.
Messaging apps are a modern phenomenon. Everyone from politicians to plumbers uses one, if not several. WhatsApp, Telegram, Signal, and their equivalents allow us to get in touch with anyone, anywhere, in moments, and they do it all for free. What a time to be alive!
Unfortunately, as with everything too good to be true, there's a catch. Many free messaging apps we use daily may compromise our personal information – be it in favor of the software developers or malicious third parties.
In this article, we discuss the potential risks you face by using a free chat app.
The Threats of Free Messaging Apps
There are many ways your private information can be compromised while chatting on your favorite instant messenger. These include:
a) Impersonation
Impersonation is the act of pretending to be someone or something you aren't. And while we're all familiar with the meme of a Nigerian Prince offering you millions of dollars in exchange for a few bucks and your credit card information, these scams wouldn't be attempted if they didn't work at least some of the time.
Applications like WhatsApp, Telegram, and even Signal allow users to create custom usernames and profile pictures, allowing scammers to try and impersonate your loved ones, brand or company representatives, and other individuals you may be willing to trust.
An extension of this security flaw is stealing profiles. As you've undoubtedly seen before, sometimes hackers sneak their way into a private account and use it as a vehicle to try and dupe the user's social circle. They may post fraudulent links, send compromised files, or attempt to access more people's private information.
That's why it's vital you always make sure you're talking to the “real deal” and never click or open anything suspicious, lest you become a victim yourself.
b) Fake App Downloads
Fake apps may be considered a sub-type of impersonation. But the key difference is that instead of the thieves seeking you out, they have you come to them. The process is simple: the would-be scammer creates a mirror version of a popular app, incorporates malicious software such as a trojan into its code, and uploads it onto a free app store like Google Play or the Apple App Store.
It bears saying that this is a concern for all free apps, but since instant messengers rack up thousands of daily downloads, they are a particularly likely target. However, the threat is even greater than traditional impersonation, as spyware can steal information directly from your device's internal memory, including media, contacts, banking information, and more.
Thankfully, you should be able to avoid this issue fairly easily if you take my previous advice to heart and double-check everything before you click that “Download” button.
c) Information Auctions
Stepping away from the shady characters trying to steal your data, let's look at the shady characters taking it completely legally – software owners. Thanks to the Meta (formerly Facebook) Cambridge Analytica scandal, we know what happens when a corporation gets too greedy.
And while we're all painfully aware that few things in life are free, most of us would prefer paying through other means than our personal data. To ensure your private information is not sold off to the highest bidder in some back-room information auction, I highly recommend you read your chosen app's privacy policy and consider its business model.
WhatsApp, Telegram, and Signal are all free apps. And although Signal is supposed to be privately funded via the Signal Foundation, that doesn't mean you shouldn't think twice before choosing any of them.
d) Information Interception
Finally, the most sophisticated of thieving methods. It doesn't require any account hacking or customized app code. All a person needs to do to get ahold of your information is intercept the stream of data between you and your conversation partner.
Another concern regarding information interception is data storage. All messages and media sent and received have to be saved somewhere – typically on the software developer's company server. If someone can access this server, they can still view all your data, even if they have never intercepted it. Some, but not all, companies encrypt their servers to prevent that.
Unfortunately, there's still the issue of metadata. Sometimes, hostile entities don't even need to see your chat or call logs. Apps and IP providers hold onto metadata, which, although anonymized, can still be used to identify your approximate location, who you contacted, and more.
A Few Cautionary Tales
So far, we've spoken exclusively in general terms, but don't let that lull you into a false sense of safety. The threat of information traps in messaging apps is more than real, and we have a few case studies here to prove that.
WhatsApp Case 1) “The Most Expensive Hack of All Time”
First, I'm sure you'll be (dis)pleased to hear that even the world's richest man isn't immune to data theft. In 2020, news broke of Amazon CEO Jeff Bezos's phone being hacked after he opened an infected video file sent to him by Saudi Arabia's crown prince Mohammed bin Salman over WhatsApp. In the wake of the incident, an American tabloid called the National Enquirer leaked Bezos's private information, including personal messages, which they supposedly gained access to via a Saudi connection.
WhatsApp Case 2) Pegasus Takes Flight
Around the same time, WhatsApp received another blow when the Israeli spyware Pegasus leveraged one of the app's vulnerabilities to infect targets' phones via a voice call. The worst part of the attack was that the users didn't even need to pick up the call to be infected, and any record of the phone call was deleted following successful infiltration. As we explained in our previous article, Clipping Pegasus' Wings: How to Protect Yourself from Cyberattacks, this allowed hackers to access all of their victims' information, including photos and videos, and even remotely activate their cameras and microphones.
Telegram Case 1) Woeful Voicemail
Keeping track of your login info can be a real hassle. So, to save its users the trouble, Telegram added the option to sign in via an SMS code. Unfortunately, they didn’t consider that you wouldn’t be the only one who could use that message to enter your personal account.
By spoofing targets’ phone numbers, hackers were able to sneak into users’ voicemails and gain access to their login codes, resulting in a hack that hit over 1000 users and targeted some of the biggest personalities in Brazil. More dramatically, however, it also caused Puerto Rico’s Governor Ricardo Rosselló to resign, after details relating to a corruption scandal were made public, along with personal messages containing profanity.
Telegram Case 2) Sticky Stickers, Sticky Fingers
Back in 2019, an IT security firm insider managed to find 13 issues relating to Telegram’s sticker feature, which have since been fixed. The exploit allowed hackers to send malicious stickers, which gave them access to the victim’s messages, photos, and videos.
The Better Alternative
No need to worry, though. If you prefer to keep your sensitive data secure, we have a solution for you. Silentel is a modern high-security messaging app with almost all the features you could ever want. Governments, private organizations, and individuals in over 50 countries can attest to that.
Here's why they all choose to use Silentel:
- NATO Verification: We are the holders of several security certifications awarded by various countries and international organizations. Silentel became the first worldwide solution for secure mobile communication to be positioned in the NATO Information Assurance Products Catalogue (NIAPC).
- Secure Hardware: We provide a solution 100% under the control of your organization. No third-party servers. Once set up, no one else but you and your chosen users have access. Not even us.
- Encryption & Privacy: Communication via the Silentel app is protected with multiple security measures. Sent data is encrypted on the user's device before transfer and only decrypted on the receiver's end. Each communication has a unique, one-time-use encryption key created at the beginning of a conversation and immediately destroyed at its end. Furthermore, none of the information is ever stored on the device, so even if your phone is lost or stolen, no one will be able to retrieve any sensitive data.
- Premium Convenience: Silentel is quick to deploy and easy to use in any organization. It doesn't require any special skills to install, maintain, or use. Our application works with standard proprietary devices running iOS, Android, macOS, or Windows. Silentel protects your sensitive information and also provides the ability to minimize time spent on face-to-face meetings or the physical delivery of documents.
Even the most popular free messaging apps have their flaws. If you value your private information, you need to be careful and make the right choice. We’ll be glad to talk to you about your concerns and show you how Silentel lets you talk freely and securely.