From a commercial perspective, such knowledge can be utilized for targeted advertisement or scams. Matching accounts with other social networks and publicly available data sources allows third parties to build extremely detailed profiles. By tracking such data over time, it is even possible to build accurate behavior models. Examples for personal (meta) data commonly stored in a user’s messenger profile include profile picture(s), nickname, status message, and the last time the user was online. Malicious users or hackers might also be interested in extracting information about others. Leaking Personal (Meta) Data via Crawling Attacks An illustrativeĮxample of a severe breach of privacy can be seen in the case of WhatsApp, which was acquired by Facebook in 2014 and shared its database with the parent company: Facebook users received friend recommendations of strangers who happened to see the same psychiatrists. When installing a mobile messenger, users also jeopardize the privacy of people who are not even connected to the particular service by transmitting their contact information without consent. Service providers could also be compromised or forced by government agencies to hand out data, resulting in the exposure of such sensitive information. Most importantly, sensitive contact relationships can become known and could be used to scam, discriminate, or blackmail users, harm their reputation, or make them the target of an investigation. Revealing essentially all personal contacts to a service provider is a significant privacy risk and legal challenge, as from the social graph of users a variety of personal information can be inferred. Leaking Social Graphs via “Curious” or Compromised Service Providers ![]() ![]() In a research collaboration between TU Darmstadt, TU Graz, and University of Würzburg, we show that currently deployed contact discovery services severely threaten users’ privacy. Unfortunately, the low entropy of phone numbers indicates that it is feasible to reverse such hash values and therefore, albeit all good intentions, there is no gain in privacy. Some of the world’s most popular mobile messengers (with billions of users) like WhatsApp perform contact discovery by regularly uploading and storing the users’ entire address books, while more privacy-concerned messengers like Signal transfer only short hashes of phone numbers or rely on trusted hardware. Mobile contact discovery allows users of mobile messengers to conveniently connect with people in their address book: newly registered users can instantly start messaging existing contacts based on their phone numbers without exchanging additional information like usernames or email addresses. What is Mobile Contact Discovery & Why Should I Care? Attacks on WhatsApp, Signal, and Telegram in the News German IT-Security Award 2020 for their work on mobile private contact discovery. ![]() News Second Prize in German IT-Security Award 2020Ĭhristian Weinert, Thomas Schneider, Matthias Senker, Daniel Kales and Christian Rechberger won the second prize in the 8. This website is also available in German. Mobile (Private) Contact Discovery Breaking & Fixing Contact Discovery in Mobile Messengers Mobile (Private) Contact Discovery | Breaking & Fixing Contact Discovery in Mobile Messengers Skip to the content.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |