News

The Role Human Error Plays When Encrypted Communication Apps Are Compromised.

Encrypted communication tools and software have seen a steady rise since the many surveillance revelations that were exposed by whistleblowers, such as Edward Snowdon. The notion of encrypting your emails, web browsing history and even phone calls have led to a battle over security vs state monitoring, but, what are the weaknesses within these various encrypted apps? A new study has found that we humans often compromised our own anonymity.

The observation in question was discovered by researchers at the University of Alabama who performed a study that “Mimicked a cryptophone app”. These apps including Signal may ask both parties who are either texting or calling to “verbally compare a short string of words they see on their screens which is often referred to as a checksum or short authentication string”  This is with the aim of ensuring that a new communication session has not been intercepted by a third-party, if it has, the words will not match up and thus it is not secure.

Sounds secure, the study has found that the flaw lies in many cases with human error itself, let me explain. Researchers designed the aforementioned mimicking of a cryptophone app before asking participants within the control group to use a web browser to make a call to an online server. They were then asked to listen to a random two or four word sequence before determining if it matched the words they saw on the computer screen in front of them. The control group were also asked to determine if the voice they heard was the same as one they’d heard previously reading a short story.

Researchers found that the study control group would more often than not accept calls when hearing the wrong sequence of words and reject calls when the sequence was transmitted correctly. It was also found that a four word checksum decreased the overall level of security when it should in theory increase it. To put it into perspective, out of 128 participants, an incorrect two-word string was accepted 30% of the time, while the same level two-word string that was spoken correctly was rejected 22% of the time. Four word strings had even worse results with incorrect strings being accepted 40% of the time while rejecting ones that were in fact correct 25% of the time.

A possible cause could lie in the fact that these words are random and not easily placed in a sentence, therefore, we humans tend to zone out and therefore lose concentration, the result could be that we think we hear something which is in fact incorrect or vice versa.

It’s an interesting experiment which could lead to better development of apps that aim to keep conversations secure.

Christopher Files

Disqus Comments Loading...

Recent Posts

BenQ MOBIUZ EX2710Q 27″ QHD 165Hz 1ms, HDRi IPS Gaming Monitor

SpeakersSpeakersYesSpeaker amount and power output2x 2 WattDimensionsLength / Depth252.5 mmWidth614 mmHeight525.8 mmWeight7.4 kgStandards / SpecificationsAdaptive…

2 hours ago

Intel Core i7-12700KF 3.60GHz Socket LGA1700 Processor

Thermal SpecificationsMax. TDP125 WCPUCPU ManufacturerIntelCPU SeriesIntel Core i7CPU Socket1700CPU ArchitectureIntel Alder Lake-SCPU Cores12CPU Threads20Performance Cores8Efficiency…

2 hours ago

AOC 24B3HA2 24″ 1920×1080 VA 100Hz 1m Widescreen LED Multimedia Monitor 

AOC 24B3HA2 23.6 1920x1080 VA 100Hz 1m Widescreen LED Multimedia Monitor - Black High-performance clarity…

2 hours ago

Corsair Hydro Series iCUE Link H115i RGB Performance Liquid CPU Cooler

Fan SpecificationsFan Size140 mmColourPrimary ColourBlackSecondary ColourWhiteMaterialsMaterialsAluminium, Copper, RubberLightingLightingYesLighting ColourRGBLighting CompatibilityCorsair iCUEAdditional ContentsIncluded fans2x 140 mmTypeCPU…

2 hours ago

Philips Evnia 34″ 34M2C6500/00 3440×1440 QD-OLED 175Hz 1ms FreeSync Curved Ultrawide Gaming Monitor

This monitor is built with features that make incredible visuals. With VESA ClearMR 9000 and…

2 hours ago

Asus Radeon RX 7900 XTX TUF OC 24GB GDDR6 PCI-Express Graphics Card

The AMD RDNA™ 3 Architecture elevated by buffed cooling and power delivery to effortlessly churn…

2 hours ago