Facebook and Instagram can leak data and consume your entire battery

The preview that messaging apps generate when we receive a link is very practical, but according to a study published by the company Mysk, it can leak private information and drain the entire cell phone battery.

The list of problems is chilling: leaking IP addresses, exposing links in encrypted chats, and silent downloading of gigabytes of data in the background. Worse: this happens in so-called safe apps, such as Facebook, Instagram (the worst) and LinkedIn.

To understand how this happens, you need to know how the preview of incoming links is generated.

[Image: Mysk/Reproduction]

To build the preview, the app needs to open the file at the source and see what's in it, which exposes the user to malware attacks or to the download of gigantic files. The app then crashes, drains the battery and, during that download, consumes bandwidth to the limit.

If the link points to sensitive information (such as documents), the application's server views it and also keeps a copy indefinitely.

Who comes off badly

For the study's authors, iOS developers and security researchers Talal Haj Bakry and Tommy Mysk, the worst apps are Facebook Messenger and Instagram. See below the failures of these two and of other applications:

[Image: Ars Technica/Reproduction]

When the failures were reported, Facebook replied to the two developers by email that its servers (which run JavaScript to check security) download only a scaled-down version of an image and not the original file. The company also claims that it does not store the data. (In a video released by the duo, however, Instagram downloaded a 2.6 GB file in full.)

As for Facebook's claim about security, Mysk showed that most messaging apps remove JavaScript instead of downloading and running it.

https://www.youtube.com/watch?v=IyTxNHy1Wd0

The problems found were reported to the applications' developers; so far, only Line and Reddit have fixed the flaws.
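The two risks described above, unbounded downloads while building a preview and running a page's JavaScript, can be avoided in the preview generator itself. The sketch below is an added example, not code from Mysk or from any of the apps mentioned; the function names, the 64 KB cap and the sample page are assumptions made for illustration.

```python
import io
from html.parser import HTMLParser

MAX_PREVIEW_BYTES = 64 * 1024  # assumed cap: preview metadata sits in <head>


class _MetaParser(HTMLParser):
    """Collects <title> and og:* meta tags. Script bodies are never run or kept."""

    def __init__(self):
        super().__init__()
        self.fields = {}
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (attrs.get("property") or "").startswith("og:"):
            self.fields[attrs["property"]] = attrs.get("content") or ""

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        # Text inside <script> arrives here too, but is ignored outside <title>.
        if self._in_title:
            self.fields["title"] = self.fields.get("title", "") + data.strip()


def build_preview(content_type, body, max_bytes=MAX_PREVIEW_BYTES):
    """Return preview fields, reading at most max_bytes from body.

    body is any file-like object, for example a streamed HTTP response.
    Non-HTML responses are refused before any of the body is read.
    """
    if content_type.split(";")[0].strip().lower() != "text/html":
        return None
    parser = _MetaParser()
    parser.feed(body.read(max_bytes).decode("utf-8", errors="replace"))
    return parser.fields


# Constructed sample page: metadata plus a script that must not influence the preview.
SAMPLE_PAGE = (b'<html><head><title>Quarterly report</title>'
               b'<meta property="og:image" content="https://example.test/t.png">'
               b'<script>document.title = "changed by script"</script></head></html>')

if __name__ == "__main__":
    print(build_preview("text/html; charset=utf-8", io.BytesIO(SAMPLE_PAGE)))
```
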
