Almost all of popular instant messengers for smartphones contain a vulnerability in the code that can be used by criminals, reports “Kommersant” with reference to the study of Solar Security. While in mobile chat for iOS experts found more errors than in their versions for Android.
With the help of technology auto binary analysis of Solar Security code checked out nine of the most popular instant messengers: Telegram, WhatsApp, Viber, Facebook Messenger, Signal, Slack, Skype, WeChat and QQ International. As a result of check it was found that critical vulnerabilities not only contains the Signal messenger for Android. However, its code still contains the six errors of the average level and seven low. In the code of Facebook Messenger and Slack there are four critical errors, while others have more.
The most common critical vulnerabilities of instant messaging apps on Android include weak algorithms for encryption and hashing, insecure implementation of SSL, use of blank passwords. These errors increase the risk of interception of usernames and passwords stored on the device.
the iOS version of the messengers are more vulnerable than clients for Android. So, in Facebook Messenger for iOS the company’s specialists Solar Security found 12 critical vulnerability in Viber 15, Skype 17. Most errors were discovered in the Chinese instant messenger QQ International and WeChat.
According to experts Solar Security, the fact that iOS versions of applications contains more errors, most likely due to the fact that Android developers “more attentive to the level of protection” as “itself is less safe.”
Viber announced that the company is never found in its messenger critical vulnerabilities. The company argued that application quality experts check Viber and third-party experts, in addition, using the “automation tools and Analytics to detect errors and prompt correction of failures in the application.” In Facebook also noted that new products are tested for safety by a “special teams”