DOI QR코드

DOI QR Code

Evaluation of Safeness and Functionality in Applied Technologies for Mobile Messengers

  • Cho, Gyu-Sang (Dept. of Computer Information, Dongyang University)
  • Received : 2016.08.04
  • Accepted : 2016.08.31
  • Published : 2016.08.31

Abstract

Recently, KakaoTalk users seek secure messengers with fears of 'possible' censorship over a mobile messenger. Instead German messenger "Telegram" is gaining popularity in South Korea. Are the known as secure messengers actually secure? In this paper, we evaluate secure mobile messengers in terms of private information protection. We establish the fourteen criteria to evaluate the functionality of messenger apps including communication encryption in transit, the possibility of leakage of decrypted messages via server, an encryption algorithm, a key exchange algorithm, an ephemeral message application, etc. Line, Telegram, Snapchat, WhatsApp, Wickr, Facebook Messenger and KakaoTalk, which have many worldwide and domestic users, are to be targeted. Wickr is ranked at the top of the evaluation, followed by Telegram and Line but KakaoTalk and Snapchat are ranked at the bottom of the evaluation list.

Keywords

References

  1. Korea Communication Commission, "Guideline for Right to exclude his own Internet postings," www.kcc.go.kr/download.do?fileSeq=43062
  2. WhatsApp, "WhatsApp Encryption Overview," Technical white paper, https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf 2016.
  3. ZDNet Korea, "Marker Group-Gangwondo, 'Right to be forgotten' Business Agreement," http://www.zdnet.co.kr/news/news_view.asp?artice_id=20150813172344
  4. MK News, "Tweeter apply 'Right to be forgotten' for Korea," http://news.mk.co.kr/newsRead.php?year=2016&no=347663
  5. Wikipedia, "Transport Layer Security-Dealing with man-in-the-middle attacks," https://en.wikipedia.org/wiki/Transport_Layer_Security#Certificate_pinning
  6. Namu Wiki, "Telegram-Security," https://namu.wiki/w/%ED%85%94%EB%A0%88%EA%B7%B8%EB%9E%A8
  7. Pavel Durov, "Telegram was kicked out from Play Store for a few hours today due to @naver_line's actions," https://twitter.com/durov/status/619486763032182784
  8. Telegram, "$300,000 for Cracking Telegram Encryption," https://telegram.org/blog/cryptocontest
  9. The Hacker News, "Is Telegram Really Secure?-4 Major Privacy Issues Raised by Researcher," http://thehackernews.com/2015/11/telegram-securityprivacy.html
  10. Telegram, "Secret chats, end-to-end encryption," https://core.telegram.org/api/end-to-end
  11. Electronic Frontier Foundation, "Secure Messaging Scorecard," https://www.eff.org/node/82654, 2014.
  12. "Target and Sanpchat suffer major data breaches," Computer Fraud and Security, pp. 2-3, Jan. 2014. doi:10.1016/S1361-3723(14)70001-6
  13. BBC Newsbeat, "Hackers threaten to post more Snapchat photos online," http://www.bbc.co.uk/newsbeat/article/29581386/hackers-threaten-to-post-more-snapchat-photos-online
  14. Tarun Mehrotra and B. M. Mehtre, "Forensic Analysis of Wickr Application on Android Devices," 2013, IEEE Int. Conf. on Computational Intelligence and Computing Research, 2013. doi:10.1109/ICCIC.2013.6724230
  15. Decipher Forensics, "Snapchat Unveiled: an Examination of Snapchat on Android Devices," http://www.decipherforensics.com/snapchat
  16. Gibson Security, "Snapchat - GibSec Full Disclosure," http://gibsonsec.org/snapchat/fulldisclosure/#encrypting-normal-snaps
  17. Snapchat Supprot, "When Does Snapchat Delete Snapsand Chats?," https://support.snapchat.com/en-US/a/when-are-snaps-chats-deleted
  18. Line, "Line, 'Letter Sealing'-The World First E2EE Technology Through Smart Phone and PC Platform," https://linecorp.com/en/pr/news/ko/2015/1110
  19. Line Engineers' Blog, "For more safer dialogue: Letter Sealing," http://developers.linecorp.com/blog/ko/?p=162
  20. CNET Korea, "Messenger 'Line' Revealed Security Vulnerability," http://www.cnet.co.kr/view/129214
  21. Pioneer of Security Research, "Secure Chat Messenger App Security Check," http://www.pocsec.com/blog/secure_chat.pdf
  22. LINE Security Bug Bounty Program, https://bugbounty.linecorp.com/en/
  23. Wickr, "How Wickr's Encryption Works," https://www.wickr.com/security/how-it-works
  24. Wickr, "Wickr Messaging Protocol-Technical Paper," https://www.wickr.com/uploads/files/700869603163179165-wickr-whitepaper-final.pdf
  25. Asterisk Labs, "Making Wickr Weaker," https://labs.asteriskinfosec.com.au/making-wickr-weaker
  26. WhatsApp blog, https://blog.whatsapp.com
  27. Kakao blog, "Talking about KakaoTalk web address link utilizes in Daum web search," http://blog.kakaocorp.co.kr/516
  28. Der Spiegel, "WhatsApp-Update: Gut verschlusselt, aber nicht komplett sicher," http://www.spiegel.de/netzwelt/apps/whatsapp-versch luesselung-gut-aber-nicht-komplett-abhoersicher-a-1085726.html
  29. Facebook, Messenger Secret Conversations-Technical Whitepaper, http://www.fb.com
  30. Facebook Newsroom, "Facebook Messenger Celebrates Reaching 1 Billion Monthly Active User," http://ko.newsroom.fb.com
  31. The Guardian, "Facebook planning encrypted version of its Messenger bot, sources say," https://www.theguardian.com/technology/2016/may/31/facebook-messenger-bot-encryption-secure-messaging
  32. ZDNet Korea, "Facebook Messenger - Malware," http://www.zdnet.co.kr/news/news_view.asp?artice_id=20160608071232
  33. Joongangilbo, "New Malware using Facebook," http://news.joins.com/article/19913438
  34. DaumKakao, "KakaoTalk serves group chats," http://stchero.tistory.com/311
  35. Kakao blog, "The Dispute over Censorship about KakaoTalk," http://blog.kakaocorp.co.kr/215
  36. Kakao blog, "Actually, KakaoTalk Messages are," http://blog.kakaocorp.co.kr/216
  37. Ohmynews, "FBI Unlocked iPhone without Apple's Assistance," http://www.ohmynews.com/NWS_Web/View/at_pg.aspx?CNTN_CD=A0002194982
  38. Security News, "Smishing Malware Steals KakaoTalk DB," http://www.boannews.com/media/view.asp?idx=43794
  39. Kakao blog, "Privacy Mode Begin Today," http://blog.kakaocorp.co.kr/254
  40. Hankookilbo, "Telegram Reveals Korean Version," http://www.hankookilbo.com/v/016edd62a6c14c6784ff43892e00063d
  41. Newsis, "Right to be forgotten begins in Korea," http://www.newsis.com/ar_detail/view.html?ar_id=NISX20160601_0014122124&cID=10401&pID=10400
  42. Wickr, "Wickr Messenger," https://www.wickr.com/personal#features
  43. Wikipedia, "KakaoTalk," https://ko.wikipedia.org/wiki/%EC%B9%B4%EC%B9%B4%EC%98%A4%ED%86%A1