Popular instant messengers allow you to receivethe intruder's personal data. At the same time, in Telegram, this applies even to people who are not registered in the messenger, but who are in the contact lists of the application user.
Research of the degree of data securityusers of WhatsApp, Signal and Telegram were conducted by cyber security experts at the University of Würzburg (Germany). The results are discouraging - the world's most widespread instant messengers have failed basic security tests and allow attackers to gain access to confidential user information.
Get personal information about usersinstant messengers are possible using the service of searching for contacts by phone numbers in the address book. According to the German experts, few resources were used when parsing the three messengers, but at the same time they got access to a lot of information. For example, during testing, 10% of the phone numbers of WhatsApp users living in the United States were scanned.
The obtained data users independentlyentered in messenger profiles. Among them were photos of the account, nicknames, statuses, the last date and time of connection to the service. Despite the fact that such information does not contain important information (bank card numbers, passport data), based on the information received, an attacker will be able to create fake accounts in instant messengers to commit a certain kind of fraudulent activity. The analysis revealed that the majority of users do not change their privacy settings.
The experts were surprised most of all by Telegram, in which it is possible to find out the phone numbers of not only registered users, but also their contacts in the address book.