Free UNH app helps find unencrypted data leaked from applications on phones and computers.
Computer scientists at the University of New Haven who recently discovered that some social media data is neither private nor secure, have developed an app to help the public determine if their phone data has been breached. (A video about Datapp is available on the group’s YouTube channel.)
The app, known as Datapp, is available free on the website of the Cyber Forensics Research and Education Group (UNHcFREG)’s website. Datapp was developed in response to demand from people who contacted the group after its researchers received worldwide attention for revealing security flaws, breaches of privacy and additional vulnerabilities in chat, dating and other social media apps used by more than one billion subscribers.
“Basically, anyone who is able to intercept network data can look at unsecured data including photos, messages and other information,” said Roberto Mejia of Brooklyn, N,Y., a master’s candidate in computer science and lead developer of the app. “The app is an easy way to test what’s being sent out from your phone. Without it, there is no way to really know what information has been transferred or delivered to others.”
“Datapp was developed because people contacted us because they want to be able to determine if their own data is secure,” said Ibrahim Baggili, assistant professor of electrical, computer engineering and computer science in the Tagliatela College of Engineering and director of cFREG.
“Many people feel they have nothing to hide.” he said. “Yet, they feel uncomfortable knowing that strangers can easily tap into a variety of ’private’ data and photos without informing the app user.”
The app is easy to install on a computer and link with a mobile phone to test whether data from the phone is unencrypted. Mejia said.
The app has been developed only for Windows 7 and 8, so far, said Frank Breitinger, assistant professor of computer science. “With the community’s support, we can port it over to other operating systems.”
Work by cFREG demonstrated that data sent to more than a dozen applications could be retrieved long after it was sent and intercepted by people it was not intended to reach. The work from the prior research will be presented at the 15th Annual Digital Forensics Research W
“It’s wrong for a stranger to be able to look at your private information without you even knowing they are doing it,” Baggili says. “Depending on the app, user locations, passwords, chat logs, images, video, audio and sketches can be viewed by people invading the user’s privacy.”
Although some of the security issues were corrected by the companies that own the apps, vulnerabilities remain. “Some mobile developers are still not taking the security issue seriously,” he said.
Material from a press release was used in this report.