Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.
 

Datapp Finds Social Media Vulnerabilities

By - Source: Toms IT Pro
Tags :

A free Windows-based application that identifies security vulnerabilities, particularly unencrypted data leaking from social media applications, is now available from the University of New Haven's (UNH) Cyber Forensics Research and Education Group (UNHcFREG).

The application, called Datapp, allows users and application developers to test their Windows apps for security flaws, breaches of privacy and other security vulnerabilities used in chat, data and other social media applications, said Ibrahim (Abe) Baggili, Assistant Professor of Computer Science at Tagliatela College of Engineering in Connecticut, and head of the UNHcFREG.

The application, developed in the school's research lab, is a follow-up to security vulnerabilities identified by the lab last year, Baggili told Tom's IT Pro. Not only can the user identify the specific data leaks, the application also can display on a world map the location of servers where the phone or PC is connected.

Some social applications claim to send encrypted files but do not, the professor said. Giving users and developers of applications the ability to see, and potentially hear, the data that is being sent openly could be enlightening when they see the kinds of unencrypted data they send. The application can determine if data is already encrypted and then reconstruct images on the fly if they are not.

When run, the program creates a wireless hotspot on the user's phone or PC, allowing them to create and then test the HTTP and Secure HTTP connections. While Baggili acknowledged that the hotspot could be used for nefarious purposes as well, there are other tools publicly available that also create hot spots.

In its current version, the application is supported only on Windows computers and smart phones, and it only works with the HTTP and HTTPS protocols, although Baggili said the code could be ported to iOS, Android and other operating systems and protocols if additional funds could be obtained. Additional potential development could be in the area of voice and video, he said, allowing users to hear conversations and see videos that they thought were being transmitted as encrypted data just as they see still images now.

Datapp

A video about Datapp is available on UNHcFREG's YouTube channel, along with videos from 2014 by the group that described its initial findings. You can download the application from UNHcFREG's blog here.

Comments