Instagram, Vine, and other apps pass data around without encryption
Celebgate the sequel it’s not. Concerning, it is.
A team of data forensics experts has revealed that unsecured data is constantly leaking from some of the most popular mobile apps in the world.
Researchers from the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG) are detailing security vulnerabilities in the apps—including Instagram, Vine, Words With Friends, Grindr, Kik, and TextMe—in a series of videos.
“We have found that private communications can be viewed by others because the data is not being encrypted and the original user has no clue,” the researchers say in their announcement, which also estimates that the issues affect a combined audience of 968 million people.
Problems included unencrypted chat records, unsecured servers used to hold videos, and media, location data, and text being sent “in the clear” with no encryption.
According to Cnet, “The researchers found the unencrypted data by monitoring the devices’ network traffic, seeing words they’d type into the apps appear in plaintext over the network, and by examining files captured with in device backup software.”
Ibrahim Baggili, UNHcFREG’s director and Assistant Professor of Computer Science at the university’s Tagliatela College of Engineering, told the Daily Dot that the seemingly obscure data leaks were easy fodder for intruders using simple monitoring software.
“It’s a very practical problem,” Baggili said. “If you are sitting and using a hotspot in a coffee shop, the traffic can very easily be intercepted.”
The three programs that Baggili’s team used—Wireshark, NetworkMiner, and NetWitness Investigator—are all free. (The full version of NetworkMiner costs $700, but there is a lite version with basic functionality.)
So far, the UNH team has only tested their method with Android phones. In the video below, they demonstrate how a Windows application called NetworkMiner can intercept photos sent from and received by the Instagram Android app.
“We recorded network traffic in Wireshark to see if files remained on the server,” one of the researchers says in the video. “For Instagram, we found an image that we sent weeks ago, still on their server unencrypted and without authentication.”
This doesn’t necessarily mean your Android is leaking this data, and it’s a software-dependent hack, but in the wake of Celebgate, it’s certainly a sensitive issue.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.