Abstract

In today's digital world, mobile phones have a significant impact on our day-to-day lives. In addition to voice communications and personal entertainment, people use private messaging applications to connect with others for one-to-one or group communication. Along with text communications, these messaging apps provide facilities to share pictures, videos and files, and enable voice and video communications over the internet. A few of the widely used applications are WhatsApp®, Facebook Messenger®, WeChat®, QQ Mobile®, Viber, Skype®, and so on. The paper focusses on the WhatsApp messaging platform, followed by various vulnerabilities that pertain to WhatsApp and security attacks that exploit these vulnerabilities. The emphasis is on WhatsApp because it has the largest user base, 1.5 billion users (Statista 2018) spread across 180 countries worldwide. Information security attacks on these mobile messaging apps can be classified into 3 broad categories.

• Software Vulnerabilities: Design and development defects can lead to open vulnerabilities that malicious actors exploit to gather information.
• Unintended activities of the users: This is a broad category that discusses accidental text forwards and wildfire forwards from others or in group discussions, which include but are not limited to: greetings, chain forwards, puzzles and challenges, messages related to religion, charity requests, deals, sensational news forwards about politics, celebrities and so on.
• Social Engineering Attacks: Targeted social engineering attacks such as cyberbullying (Rice, E et al. 2015), phishing, punycode or homoglyph attacks, deepfake videos, child pornography, malicious file forwards, account hijacking, ransomware, and psychologically straining and suicide-inducing games such as Bluewhale or Momo Challenge.

Next, we analyze the various phases of such attacks. For threat actors, three things are important to perform any information security attack: Method, Opportunity and Motive. Based on the above classification, we describe the various phases of the attacks and how naive users become victims of these attacks. Overall, the paper builds a taxonomy of various attacks on mobile messaging applications. The objective is to create awareness among users by explicitly classifying these attacks. We hope that this will provide the foundation for building prevention and protection mechanisms against such attacks.


Analysis of Information Security Attacks on Mobile Messaging Applications
