The human factor: the main vulnerability scammers exploit in users of popular instant messengers


Popular text messengers constantly develop, implement and improve the latest means of protecting their audience from intruders. We are talking about such giants of the market as WhatsApp, Facebook Messenger, Viber, and Telegram. But however hard they try to make their products 100% safe, that protection mostly succeeds only against a direct attack. Scammers have long and effectively exploited the ignorance of users, stealing personal data through the users' own foolish actions.

The human factor phenomenon

Such a seemingly unsolvable problem must eventually have a correct answer that allows safe use, but it is very difficult to approach. Informing all users and getting everyone to understand the concept of protective actions is impossible. Therefore, for the time being, researchers are gradually trying to understand how users behave, looking for patterns in their actions and discussing ways to implement new protective mechanisms.

For example, take the three most common messengers at the moment: WhatsApp, Facebook Messenger and Viber. (Telegram is also worth keeping in view, because it is growing very fast and has every chance of becoming a supermassive phenomenon.) All three applications encrypt data and require an authentication step to be carried out to ensure the full security of a conversation (correspondence).
Few users take authentication seriously, and most do not know its importance. But a third party can follow your conversations. A search for “Can I spy Viber / Facebook Messenger / WhatsApp?” returns a huge list of spy apps, and such spyware comes with functions for every taste.

What is the authentication ceremony and what to do with it?

We are talking about a procedure that allows the user and their device to confirm that the right person is on the other “end of the wire”, and then to conduct a confidential conversation. Data passes through the messenger's server, but it is usually guaranteed that no one else, not even the administration, will be able to read it.
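To make the ceremony concrete, here is an added example (not from the original article and not the algorithm of any particular messenger): a simplified code derived from both parties' public keys, which matches on both devices only when each device holds the other's genuine key. The function names, the `demo-safety-code` label and the keys are constructed for illustration.

```python
import hashlib
import hmac

def safety_code(key_a: bytes, key_b: bytes, groups: int = 6) -> str:
    """Short numeric code derived from both parties' public identity keys."""
    # Sort the keys so both devices hash them in the same order.
    first, second = sorted((key_a, key_b))
    material = b"".join(len(k).to_bytes(2, "big") + k for k in (first, second))
    digest = hashlib.sha256(b"demo-safety-code" + material).digest()
    # Render 5 bytes of digest per group as a 5-digit number for reading aloud.
    return " ".join(
        f"{int.from_bytes(digest[i * 5:(i + 1) * 5], 'big') % 100000:05d}"
        for i in range(groups)
    )

def codes_match(shown_to_one: str, shown_to_other: str) -> bool:
    """The ceremony itself: the two people compare codes over another channel."""
    return hmac.compare_digest(shown_to_one.encode(), shown_to_other.encode())

# Constructed stand-ins for 32-byte public identity keys (not real keys).
ALICE_KEY = hashlib.sha256(b"constructed alice key").digest()
BOB_KEY = hashlib.sha256(b"constructed bob key").digest()
SUBSTITUTED_KEY = hashlib.sha256(b"constructed third-party key").digest()

def compare_views() -> tuple[bool, bool]:
    # Honest delivery: each device holds the other's genuine key.
    honest = codes_match(safety_code(ALICE_KEY, BOB_KEY),
                         safety_code(BOB_KEY, ALICE_KEY))
    # Key substituted in transit: each device holds a key that is not the peer's.
    tampered = codes_match(safety_code(ALICE_KEY, SUBSTITUTED_KEY),
                           safety_code(BOB_KEY, SUBSTITUTED_KEY))
    return honest, tampered

if __name__ == "__main__":
    honest, tampered = compare_views()
    print("codes match with genuine keys:   ", honest)
    print("codes match with substituted key:", tampered)
```

A mismatch is the signal the ceremony exists to surface: the conversation is encrypted, but not to the person the user believes they are talking to.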

We will tell you more about an experiment in which scientists decided to observe how users behave when it comes to the security of their correspondence. A group of people was divided in half. Each participant was given the task of sending their own credit card number to another participant. The main condition of the experiment was that the person had to properly ensure the confidentiality of the transmission of this data. After all, if this is neglected, an attacker will be able to take over the card and the funds on it. This, unfortunately, is a common problem today.

Participants were thoroughly briefed on possible threats. In the first part of the study, 14% of people were able to successfully guarantee the confidentiality of the message with the credit card number by establishing the identity of the addressee. Others chose security measures of their own; for example, they asked the other person about information the two of them shared.
In the second step, people were asked to perform the task one more time, but this time the researchers stressed the importance of carrying out this very “authentication ceremony”. As a result, 79% of people managed to authenticate the other person correctly.

The difference in the numbers is impressive, as you will agree. But not everything is as smooth as we would like. The participants of the experiment spent too much time on the task: on average, it took 11 minutes to succeed. People understood the principle of the authentication ceremony and almost all were able to carry it out, but they spent a lot of time and energy on it and ended up discouraged by the task.

Now scientists will draw conclusions and look for ways to make the authentication ceremony simple and convenient for everyone. The remaining problem is that average users never, or only very rarely, run into obvious situations where they need to protect their data. For this reason, they find it difficult to make themselves accept the importance of the problem, spend time learning how to solve it, and study the security functions built into various apps. We really want to believe that a simple and elegant solution to such problems will be found.
