Browse > Article
http://dx.doi.org/10.9708/jksci.2016.21.8.029

Evaluation of Safeness and Functionality in Applied Technologies for Mobile Messengers  

Cho, Gyu-Sang (Dept. of Computer Information, Dongyang University)
Abstract
Recently, KakaoTalk users seek secure messengers with fears of 'possible' censorship over a mobile messenger. Instead German messenger "Telegram" is gaining popularity in South Korea. Are the known as secure messengers actually secure? In this paper, we evaluate secure mobile messengers in terms of private information protection. We establish the fourteen criteria to evaluate the functionality of messenger apps including communication encryption in transit, the possibility of leakage of decrypted messages via server, an encryption algorithm, a key exchange algorithm, an ephemeral message application, etc. Line, Telegram, Snapchat, WhatsApp, Wickr, Facebook Messenger and KakaoTalk, which have many worldwide and domestic users, are to be targeted. Wickr is ranked at the top of the evaluation, followed by Telegram and Line but KakaoTalk and Snapchat are ranked at the bottom of the evaluation list.
Keywords
End-to-End Encryption; Mobile Messenger App; Wickr; Telegram; WhatsApp; Line; Facebook Messnger; KakaoTalk; Snapchat;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Korea Communication Commission, "Guideline for Right to exclude his own Internet postings," www.kcc.go.kr/download.do?fileSeq=43062
2 WhatsApp, "WhatsApp Encryption Overview," Technical white paper, https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf 2016.
3 ZDNet Korea, "Marker Group-Gangwondo, 'Right to be forgotten' Business Agreement," http://www.zdnet.co.kr/news/news_view.asp?artice_id=20150813172344
4 MK News, "Tweeter apply 'Right to be forgotten' for Korea," http://news.mk.co.kr/newsRead.php?year=2016&no=347663
5 Wikipedia, "Transport Layer Security-Dealing with man-in-the-middle attacks," https://en.wikipedia.org/wiki/Transport_Layer_Security#Certificate_pinning
6 Namu Wiki, "Telegram-Security," https://namu.wiki/w/%ED%85%94%EB%A0%88%EA%B7%B8%EB%9E%A8
7 Pavel Durov, "Telegram was kicked out from Play Store for a few hours today due to @naver_line's actions," https://twitter.com/durov/status/619486763032182784
8 Telegram, "$300,000 for Cracking Telegram Encryption," https://telegram.org/blog/cryptocontest
9 The Hacker News, "Is Telegram Really Secure?-4 Major Privacy Issues Raised by Researcher," http://thehackernews.com/2015/11/telegram-securityprivacy.html
10 Telegram, "Secret chats, end-to-end encryption," https://core.telegram.org/api/end-to-end
11 Electronic Frontier Foundation, "Secure Messaging Scorecard," https://www.eff.org/node/82654, 2014.
12 "Target and Sanpchat suffer major data breaches," Computer Fraud and Security, pp. 2-3, Jan. 2014. doi:10.1016/S1361-3723(14)70001-6
13 BBC Newsbeat, "Hackers threaten to post more Snapchat photos online," http://www.bbc.co.uk/newsbeat/article/29581386/hackers-threaten-to-post-more-snapchat-photos-online
14 Tarun Mehrotra and B. M. Mehtre, "Forensic Analysis of Wickr Application on Android Devices," 2013, IEEE Int. Conf. on Computational Intelligence and Computing Research, 2013. doi:10.1109/ICCIC.2013.6724230
15 Decipher Forensics, "Snapchat Unveiled: an Examination of Snapchat on Android Devices," http://www.decipherforensics.com/snapchat
16 Gibson Security, "Snapchat - GibSec Full Disclosure," http://gibsonsec.org/snapchat/fulldisclosure/#encrypting-normal-snaps
17 Snapchat Supprot, "When Does Snapchat Delete Snapsand Chats?," https://support.snapchat.com/en-US/a/when-are-snaps-chats-deleted
18 Line, "Line, 'Letter Sealing'-The World First E2EE Technology Through Smart Phone and PC Platform," https://linecorp.com/en/pr/news/ko/2015/1110
19 Line Engineers' Blog, "For more safer dialogue: Letter Sealing," http://developers.linecorp.com/blog/ko/?p=162
20 CNET Korea, "Messenger 'Line' Revealed Security Vulnerability," http://www.cnet.co.kr/view/129214
21 Pioneer of Security Research, "Secure Chat Messenger App Security Check," http://www.pocsec.com/blog/secure_chat.pdf
22 LINE Security Bug Bounty Program, https://bugbounty.linecorp.com/en/
23 Wickr, "How Wickr's Encryption Works," https://www.wickr.com/security/how-it-works
24 Wickr, "Wickr Messaging Protocol-Technical Paper," https://www.wickr.com/uploads/files/700869603163179165-wickr-whitepaper-final.pdf
25 Asterisk Labs, "Making Wickr Weaker," https://labs.asteriskinfosec.com.au/making-wickr-weaker
26 WhatsApp blog, https://blog.whatsapp.com
27 Kakao blog, "Talking about KakaoTalk web address link utilizes in Daum web search," http://blog.kakaocorp.co.kr/516
28 Der Spiegel, "WhatsApp-Update: Gut verschlusselt, aber nicht komplett sicher," http://www.spiegel.de/netzwelt/apps/whatsapp-versch luesselung-gut-aber-nicht-komplett-abhoersicher-a-1085726.html
29 Facebook, Messenger Secret Conversations-Technical Whitepaper, http://www.fb.com
30 Facebook Newsroom, "Facebook Messenger Celebrates Reaching 1 Billion Monthly Active User," http://ko.newsroom.fb.com
31 The Guardian, "Facebook planning encrypted version of its Messenger bot, sources say," https://www.theguardian.com/technology/2016/may/31/facebook-messenger-bot-encryption-secure-messaging
32 ZDNet Korea, "Facebook Messenger - Malware," http://www.zdnet.co.kr/news/news_view.asp?artice_id=20160608071232
33 Kakao blog, "Actually, KakaoTalk Messages are," http://blog.kakaocorp.co.kr/216
34 Joongangilbo, "New Malware using Facebook," http://news.joins.com/article/19913438
35 DaumKakao, "KakaoTalk serves group chats," http://stchero.tistory.com/311
36 Kakao blog, "The Dispute over Censorship about KakaoTalk," http://blog.kakaocorp.co.kr/215
37 Ohmynews, "FBI Unlocked iPhone without Apple's Assistance," http://www.ohmynews.com/NWS_Web/View/at_pg.aspx?CNTN_CD=A0002194982
38 Security News, "Smishing Malware Steals KakaoTalk DB," http://www.boannews.com/media/view.asp?idx=43794
39 Kakao blog, "Privacy Mode Begin Today," http://blog.kakaocorp.co.kr/254
40 Hankookilbo, "Telegram Reveals Korean Version," http://www.hankookilbo.com/v/016edd62a6c14c6784ff43892e00063d
41 Newsis, "Right to be forgotten begins in Korea," http://www.newsis.com/ar_detail/view.html?ar_id=NISX20160601_0014122124&cID=10401&pID=10400
42 Wickr, "Wickr Messenger," https://www.wickr.com/personal#features
43 Wikipedia, "KakaoTalk," https://ko.wikipedia.org/wiki/%EC%B9%B4%EC%B9%B4%EC%98%A4%ED%86%A1