Security News > 2020 > October > Link Previews in Chat Apps Pose Privacy, Security Issues: Researchers
An analysis of the manner in which popular chat applications handle link previews has revealed several privacy and security issues, including some that still need addressing, security researchers warn.
Link previews provide users with information on what a link received in chat would lead them to, regardless of whether it is a file or a web page.
Link previews can be abused for nefarious purposes, and security researchers Talal Haj Bakry and Tommy Mysk claim to have identified several cases in which popular chat apps for iOS and Android fail to provide their users with the necessary protections against such abuses.
In Reddit, previews are generated by the receiver, before the user taps on the link, which the researchers found to be a major privacy concern, as it may result in the receiver's IP address being leaked to the sender.
"As we explained to the researcher weeks ago, these are not security vulnerabilities. The behavior described is how we show previews of a link on Messenger or how people can share a link on Instagram, and we don't store that data. This is consistent with our data policy and terms of service," a Facebook spokesperson told SecurityWeek.
News URL
Related news
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries (source)
- WeChat devs introduced security flaws when they modded TLS, say researchers (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Germany drafts law to protect researchers who find security flaws (source)