Security News > 2020 > October > Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background.

Link previews are a common feature in most chat apps, making it easy to display a visual preview and a brief description of the shared link.

Although apps like Signal and Wire give users the option to turn on/off link previews, a few others like Threema, TikTok, and WeChat don't generate a link preview at all.

In contrast, link previews generated on the recipient side opens the door to new risks that permits a bad actor to gauge their approximate location without any action taken by the receiver by simply sending a link to a server under their control.

What's more, despite LINE's end-to-end encryption feature designed to prevent third-parties from eavesdropping on conversations, the app's reliance on an external server to generate link previews allows "The LINE servers [to] know all about the links that are being sent through the app, and who's sharing which links to whom."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/2fJEvQO4_F8/mobile-messaging-apps.html