Facebook Messenger and Instagram link-spying risk: why you should opt for more secure apps
Every time you send a link to a friend or family member through a messaging app, you're putting yourself in danger. If you do it through Facebook Messenger, you should know that someone else could directly see what you are sending.
This is the finding of an investigation published this Sunday by two cybersecurity experts, Talal Haj Bakry and Tommy Mysk. Their names may not ring a bell, but Forbes recalls that they are the experts who detected how many apps indiscriminately accessed users' clipboards on iPhone, especially apps like TikTok.
The research looks at how messaging apps like WhatsApp, Signal or Messenger handle previews of the links that users send. You may have noticed that, when you send a news article to a contact through one of these platforms, the app loads the article's image, headline and a brief description in addition to the link itself.
According to Forbes, which reports the details of Haj Bakry and Mysk's research, messaging apps obtain these elements (title, description and image) through various methods. All of them could endanger your privacy and security.
For example, in WhatsApp it is the sender's phone that accesses the link being sent in order to collect the items described above. This exposes the user sending the link: even if you haven't opened the link in a tab, your phone may be accessing a link where any of these elements contains malicious code. WhatsApp delegates this responsibility to the sender because the app assumes that whoever is sending a link has visited it before and knows that there is no risk.
Another approach is the opposite. In this case, when a user receives a link in a messaging app, it is the recipient's phone that accesses the hyperlink's metadata in the background to collect the image, title and description used to build the preview. The problem is that, in these cases, the link could include malicious code in any of these elements.
Two messaging platforms use this method, but the researchers have not yet revealed which ones because they will fix this problem: if a user receives a malicious link and their phone automatically accesses it in order to prepare the preview, malware could be downloaded, or the device's location and IP address could even be disclosed.
A third approach that platforms use to prepare link previews is that of Facebook Messenger.
When you send a link in Facebook Messenger, both sender and receiver load a preview of the link in their windows. To load this preview, the platform sends the link to its own server, which handles the job and, along the way, verifies that the link does not violate the platform's rules.
Although it was already known, Forbes recalls, that Facebook snoops on its users' conversations precisely to check that they comply with its rules, the fact that your links are stored on one of the multinational's servers gives the problem a new dimension.
"When you send a link, the application will first send it to an external server that it will ask to generate a preview, then the server will send this preview to the sender and the receiver." "Facebook Messenger does not generate these previews in the platform's Secret Conversations, which are end-to-end encrypted," one of the researchers explains to Forbes.
"Shared links may have private information intended solely for their recipients. They can be invoices, contracts, medical records or anything that is confidential. Although these servers are verified by the app, it is not indicated at any time that the servers are receiving these links. Do the servers download some files or a small sample to load the preview? If they download the entire files, do the servers save a copy? For how long?" These are some of the questions that the researchers ask themselves.
"And these copies, are they stored securely? Or can the people who manage these servers access them?"
Facebook Messenger is not alone in using these servers for this purpose. Other apps use a similar method to load link previews: Instagram, LinkedIn, Slack, Twitter, Zoom or Google Hangouts, they detail. But only Facebook does mass downloads of the files behind the links that users send to each other.
While other platforms download a maximum of 20 or 50 megabytes from their users' links to load the preview, the researchers have detected downloaded files of up to 2.6 gigabytes. "The moment we sent a link, we detected how several Facebook servers started downloading information immediately... 24.7 gigabytes were downloaded."
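An added sketch (not code from the researchers, Forbes or any of the apps named) of a preview generator that enforces the kind of download cap described above: it reads at most a fixed number of bytes, does not read non-HTML files at all, and extracts only the title, description and image. The 64 KiB cap, the use of Open Graph `og:` meta tags as the metadata source, and the chunk iterator standing in for a streaming HTTP response are assumptions of the example.

```python
from html.parser import HTMLParser

MAX_PREVIEW_BYTES = 64 * 1024  # assumed cap for this sketch, not a figure from the article
WANTED = {"og:title": "title", "og:description": "description", "og:image": "image"}

class PreviewMeta(HTMLParser):
    """Collects only the three preview fields; nothing in the page is executed."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)
        key = WANTED.get((a.get("property") or "").lower())
        if key and a.get("content") and key not in self.fields:
            self.fields[key] = a["content"].strip()

def read_capped(chunks, limit):
    """Pull chunks from a byte stream, stopping as soon as `limit` would be exceeded."""
    buf = bytearray()
    for chunk in chunks:
        room = limit - len(buf)
        if len(chunk) > room:
            buf += chunk[:room]
            return bytes(buf), True  # truncated: the rest is never requested
        buf += chunk
    return bytes(buf), False

def build_preview(content_type, chunks, limit=MAX_PREVIEW_BYTES):
    """Return preview fields for HTML only; other file types are not read at all."""
    if not content_type.lower().startswith("text/html"):
        return {"fields": {}, "bytes_read": 0, "truncated": False}
    data, truncated = read_capped(chunks, limit)
    parser = PreviewMeta()
    parser.feed(data.decode("utf-8", errors="replace"))
    return {"fields": parser.fields, "bytes_read": len(data), "truncated": truncated}

def sample_stream(pulled):
    """Constructed input: a small <head>, then 1 MiB of body padding in 16 KiB chunks."""
    head = (b'<html><head><meta property="og:title" content="Q3 invoice">'
            b'<meta property="og:description" content="Constructed sample page">'
            b'<meta property="og:image" content="https://example.com/thumb.png">'
            b"</head><body>")
    for chunk in [head] + [b"A" * 16384] * 64:
        pulled.append(len(chunk))
        yield chunk
```

On the constructed 1 MiB page the generator stops after 64 KiB and five chunks, and a link served as `application/pdf` is never read.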
The situation is even more worrying given that, in the case of Instagram, malicious code embedded in some of the links that users send could even be executed during this process.
Facebook has assured Forbes that there is no security breach. The company says that all of this is detailed in its Privacy Policy and that additional security measures are taken with these servers. But if one thing is clear, the researchers reflect in their article, it is that if you want to send sensitive information to a contact, you had better avoid apps that are not as secure as others such as WhatsApp itself, which does have end-to-end encryption, or Signal.
More news:
"Europe has lost the first wave of personal data; we cannot lose the second wave, that of Industrial Data": Commissioner Thierry Breton's harsh plea
Thierry Breton believes that Europe cannot miss another opportunity.
The European Parliament's Commission for Artificial Intelligence and the Digital Age (AIDA) met for the first time this Monday after being constituted at the end of September. It did so with an appearance by the Commissioner for the Internal Market, Frenchman Thierry Breton, who made a strong case for the digital strategy on which the European Union has to move forward.
Remotely, like many MEPs, and with some technical difficulties, the European commissioner made it clear that Europe had already missed a first wave of data, "that of personal data", and that consequently a second, "much more important" wave, that of "industrial data", could not be missed.
This second wave will be "gigantic". The commissioner said that in the near future "there will be no industry without data" and therefore called on MEPs to legislate on the use of new technologies. To this end, Commissioner Breton recalled that the White Paper on Artificial Intelligence is already in the possession of the European Commission. "We will have to influence the conditions of use of algorithms to correct excesses and risks," he said.
All with the aim of organising and building "a genuine European data market".
The European Commission will present in the first half of 2021 "the first legislative proposals" to create this framework. This regulation, Breton explained, "has to be able to fuel innovation and be able to resist and respond to technological evolutions."
In the words of the Internal Market Commissioner, "artificial intelligence legislation cannot be changed every 2 years". "It must be able to adapt and take on technological advances. I do not think that we have to approach this legislation from a specific point of view: we have to do an exercise of foresight, think about the future".
Breton insisted to the commission that the EU's objective must be that European data, "and in particular industrial data", can be "stored and processed in Europe, following European standards and criteria, and not those of a third country".
To this end, the commissioner recalled the strategy on which the European Commission is working. One of the pillars on which it is based is legislative development, in order to have a regulatory framework "with a European spirit".
For example, on AI, he touched on "the risks that this technology brings". "We received many proposals in the public consultation period, and 20% of them came from outside Europe, which reveals the interest it generates outside everything that happens on our continent."
The proposal for the AI regulatory framework will be announced next year, with particular emphasis on the quality of the data generated and the sensitive information that can be extracted. "Football stadiums, streets or airports will always be considered high-risk systems, and their effectiveness and respect must be checked before implementation."
"We must impose clear information on users. A citizen must know when he is communicating with a machine and when with a human being."