Daily Bulletin


The Conversation

  • Written by Mohiuddin Ahmed, Lecturer of Computing & Security, Edith Cowan University
beware the cyber risks of virtual meet-up apps like Houseparty

Social gatherings with friends and family are an essential part of being human. So it’s no surprise, with real-life gatherings limited to just two people, that people are flocking to apps that can keep us connected virtually.

The breakout hit has undoubtedly been Houseparty, which bills itself as a “face to face social network”, allowing simultaneous video chat in groups of up to eight users.

But with the app’s booming popularity come a growing number of questions about how safe and secure these kinds of apps really are.

Read more: 'Zoombombers' want to troll your online meetings. Here's how to stop them

Although Houseparty has been around since 2016, the COVID-19 pandemic has sent it stratospheric. Last month it reportedly shot from 130,000 downloads a week to 2 million.

Its “parties” are initiated by invitation, usually from the users’ phone contact list. Other options include linking to Facebook, or finding users based on location.

It can run on both Android and iOS devices, giving it a significant advantage over services such as Apple’s FaceTime, which are restricted to specific platforms.

But House Party isn’t the only way for people to hang out virtually. Netflix Party, for example, allows friends to simultaneously stream content via Google’s Chrome browser. The tool also comes with a chat functionality that allows viewers to discuss the action, like a virtual version of Gogglebox (minus the TV crews).

Some users may choose to use more traditionally business-oriented conferencing tools like Skype or Zoom, although they lack the hipster-chic of the party apps. Zoom in particular is grappling with recent bad publicity relating to security vulnerabilities.

Privacy at risk

Unlike Facebook, which allows friend requests between total strangers, Houseparty and Netflix Party seem to have set a higher privacy standard at the outset, by virtue of their invitation-only policies. But this process is not as watertight as it might sound.

For example, the Houseparty app does not require any authentication of the identity of the user, as it only requires validation of the device via a code sent to the user’s phone.

There is also no age verification, although admittedly this is difficult to implement successfully.

Read more: Restricting underage access to porn and gambling sites: a good idea, but technically tricky

Some Houseparty users have also been surprised at the ease with which the live video chats can be initiated, sometimes unwittingly – which presents clear privacy problems.

The app’s default settings also allow gatecrashers to enter virtual parties – something that can only be prevented by changing the settings to “lock” the session.

Cyber crime

It would be relatively simple for a cyber-criminal, with the help of a stolen smartphone, to exploit virtual parties. Most Facebook users would avoid accepting a friend request from someone they don’t know, but Houseparty’s single-factor identification makes it fairly straightforward to pose as someone’s friend.

Once connected, criminals could exploit their victims in various ways, such as by coercing them into giving up money or personal details. There is also a risk that bored or unwary users may be more willing to connect with strangers during extended stays at home.

Younger users, particularly teens using devices without parental scrutiny, may be particularly vulnerable to this kind of exploitation.

Taking it outside

Cyber-criminals can also copy the apps’ notifications to trick users into clicking a link that actually takes them elsewhere.

To send invitations to those who are not already using the app, Houseparty needs permission to access the users’ contact list. This allows the app to invite someone with a link via SMS. The SMS is quite brief, for example:

We need to talk. https://get.houseparty.com/yourpartycode

It would be simple to create a similar-looking URL that directs users not to Houseparty but instead to a malicious site that installs spyware or other malware on their device. There is no evidence yet of such attempts via Houseparty, but similar SMS scams are already widespread elsewhere.

Netflix Party is similarly vulnerable to phishing attacks. A fake Netflix Party link could become a nightmare for victims if their identity is stolen during the lockdown period.

Read more: Everyone falls for fake emails: lessons from cybersecurity summer school

Just as working from home poses cyber dangers, so too do our social activities during lockdown.

That is especially the case given that the blurring of home and work life makes it more likely that people will be undertaking social activities on their work devices. Losing sensitive corporate information would certainly be no party.

Authors: Mohiuddin Ahmed, Lecturer of Computing & Security, Edith Cowan University

Read more https://theconversation.com/crashing-the-party-beware-the-cyber-risks-of-virtual-meet-up-apps-like-houseparty-135032

Writers Wanted

One quarter of Australian 11-12 year olds don't have the literacy and numeracy skills they need

arrow_forward

Step-by-Step Process of Filing Bankruptcy in Georgia

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Business News

AppDynamics Solves Visibility Gap Between Traditional Infrastructure and Cloud Environments

New Full Stack Observability Platform, Integration With Cisco Intersight Workload Optimizer and Cloud Native Visualisation Features Provide Cross Domain Insights and Analytics of Business Perfor...

Hotwire Global - avatar Hotwire Global

Why Your Small Business Should Bulk Buy Hand Sanitiser

As a small business owner, employee and customer safety is at the very top of your priority list. From risk assessments to health and safety officers, appropriate signage and proper briefing...

News Co - avatar News Co

How Phone Number Search In Sydney Can Help Your Business

To run a successful business, keeping track of your company and competitors are the major factors. With a lot of tools, available businesses have options to stay current. One way in which busine...

News Co - avatar News Co



News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion