Top social and dating apps, including Instagram, OkCupid, GroupMe, and Grindr, could give hackers access to what users think are private messages, according to research from the University of New Haven’s Cyber Forensics Research and Education Group.
Back in April, the researchers found vulnerabilities in WhatsApp and Viber, which prompted changes by both companies.
With that success, the team decided to conduct a more comprehensive study on messaging apps, the group's director, Ibrahim Baggili, told The Huffington Post in an email. Over the last two months, the researchers looked at 21 different Android apps: Instagram, OkCupid, ooVoo, Tango, Kik, Nimbuzz, MeetMe, MessageMe, TextMe, Grindr, HeyWire, Hike, textPlus, Words With Friends, Vine, Line, MyChat, WeChat, GroupMe, Whisper, and Voxer.
To test the apps, Baggili and his team used analysis tools to check transmissions between an Android phone and an iPad. Baggili said they found that over a dozen of the Android apps do not encrypt stored data and don't require people to log into an account to view it. That means the information is readable and accessible by hackers, who can intercept data (like your naked pics) being sent over a wireless network.
Baggili, whose Ph.D. research at Purdue University focused on information security and cyber forensics, said that instead of releasing one long report, the team decided to release the results as five separate videos, which will go live on their YouTube channel at 12 a.m. EST every day for a week, starting on Monday. The first video focuses on Instagram, OkCupid, and ooVoo.
In their initial YouTube post, the researchers detail how they used NetworkMiner, an online tool that allows anyone to see unencrypted data being sent over a Wi-Fi network, to search OkCupid chats for key phrases. The team could see chats and the users sending and receiving them. They also found old images stored on Instagram and ooVoo, according to the video.
In a subsequent video, not yet posted to YouTube but shared with The Huffington Post, the researchers show how they could intercept Grindr messages because transmissions via its network are stored with "http" links, not https. Further videos will also address MessageMe, Tango, HeyWire, and textPlus.
“We wanted to have a fun way of releasing our results without boring people to death in one really long video,” Baggili said of the choice to release several short YouTube clips. University of New Haven graduate students Jason Moore and Armindo Rodrigues and undergraduate Daniel Walnycky helped Baggili conduct his research.
The team reported the findings to the respective companies, Baggili said. But as of Monday afternoon, they had yet to hear back.
Nineteen of the 21 companies the researchers tested did not respond to requests for comment from HuffPost on Monday. In a statement, Grindr said, "We monitor and review all reports of security issues regularly. As such, we continue to evaluate and make ongoing changes as necessary to protect our users." GroupMe said the company was "investigating."
Our 2024 Coverage Needs You
It's Another Trump-Biden Showdown — And We Need Your Help
The Future Of Democracy Is At Stake
Our 2024 Coverage Needs You
Your Loyalty Means The World To Us
As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.
Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.
Contribute as little as $2 to keep our news free for all.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
The 2024 election is heating up, and women's rights, health care, voting rights, and the very future of democracy are all at stake. Donald Trump will face Joe Biden in the most consequential vote of our time. And HuffPost will be there, covering every twist and turn. America's future hangs in the balance. Would you consider contributing to support our journalism and keep it free for all during this critical season?
HuffPost believes news should be accessible to everyone, regardless of their ability to pay for it. We rely on readers like you to help fund our work. Any contribution you can make — even as little as $2 — goes directly toward supporting the impactful journalism that we will continue to produce this year. Thank you for being part of our story.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
It's official: Donald Trump will face Joe Biden this fall in the presidential election. As we face the most consequential presidential election of our time, HuffPost is committed to bringing you up-to-date, accurate news about the 2024 race. While other outlets have retreated behind paywalls, you can trust our news will stay free.
But we can't do it without your help. Reader funding is one of the key ways we support our newsroom. Would you consider making a donation to help fund our news during this critical time? Your contributions are vital to supporting a free press.
Contribute as little as $2 to keep our journalism free and accessible to all.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.
Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.
Contribute as little as $2 to keep our news free for all.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
Dear HuffPost Reader
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. Would you consider becoming a regular HuffPost contributor?
Dear HuffPost Reader
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. If circumstances have changed since you last contributed, we hope you'll consider contributing to HuffPost once more.
Support HuffPostAlready contributed? Log in to hide these messages.