New research reveals hidden ups and downs of link preview – tech2.org

Link previews are a ubiquitous feature in nearly every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that is being linked.

ARS TECHNICA

This story originally appeared on Ars Technica, a trusted source for technology news, technical policy analysis, reviews and more. Ars is owned by WIRED’s parent company, Condé Nast.

Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, are messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First, a brief discussion of previews.

When a sender includes a link in a message, the app displays it in the conversation along with text (usually a title) and images that accompany the link.

For this to happen, the app itself, or a proxy designated by the app, has to visit the link, open the file there, and survey what's in it. This can open users to attacks. The most serious are those that can download malware. Other forms of malice can force an app to download files so large that they cause the app to crash, drain the battery, or consume limited bandwidth. And in the event the link leads to private content (say, a tax return posted to a private OneDrive or DropBox account), the app server has an opportunity to view and store it indefinitely.

The researchers behind Monday’s report, Talal Haj Bakry and Tommy Mysk, found that Facebook Messenger and Instagram were the worst offenders. As the chart below shows, both apps download and copy a linked file in its entirety, even if it is gigabytes in size. Again, this can be a concern if the file is something that users want to keep private.

This is also problematic because the apps can consume huge amounts of bandwidth and battery reserves. Both apps also run any JavaScript contained in the link. This is a problem because users have no way to vet the security of that JavaScript, and messengers cannot be expected to have the same exploit protections as modern browsers.

Haj Bakry and Mysk reported their findings to Facebook, and the company said that both apps work as intended. LinkedIn performed only slightly better. The only difference was that, instead of copying files of any size, it copied only the first 50 megabytes.
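An added example (not from the article or the researchers' report) of the defensive behavior these findings point to: a preview builder that reads at most a fixed number of bytes and only parses metadata, never running script. The 64 KiB cap, the function and class names, and the chunk iterator standing in for a streamed HTTP body are assumptions.

```python
from html.parser import HTMLParser

MAX_PREVIEW_BYTES = 64 * 1024  # assumed cap; preview metadata sits in <head>

class MetaParser(HTMLParser):
    """Collects <title> and Open Graph tags. Script bodies are only text here."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.meta, self._in_title = {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("property") or "").startswith("og:"):
            self.meta.setdefault(a["property"], a.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.meta["title"] = self.meta.get("title", "") + data

def build_preview(content_type, chunks, max_bytes=MAX_PREVIEW_BYTES):
    """Return (metadata, bytes_read). `chunks` is an iterator of bytes that
    stands in for a streamed HTTP response body."""
    if not content_type.lower().startswith("text/html"):
        return {}, 0  # not HTML: never pull the body
    buf = bytearray()
    for chunk in chunks:
        buf += chunk[: max_bytes - len(buf)]
        if len(buf) >= max_bytes:
            break  # stop pulling; the remainder is never downloaded
    parser = MetaParser()
    parser.feed(buf.decode("utf-8", errors="replace"))
    return parser.meta, len(buf)

def constructed_body(pulled):
    """Constructed sample: a small HTML head, then 1 GiB of filler."""
    yield (b'<html><head><title>Q3 report</title>'
           b'<meta property="og:title" content="Q3 report">'
           b'<meta property="og:image" content="https://example.test/t.png">'
           b'<script>document.title = "changed"</script></head><body>')
    for _ in range(16384):
        pulled[0] += 1
        yield b"A" * 65536
```

The `pulled` counter shows how much of the filler was actually requested: one 64 KiB chunk out of 16,384 for an HTML page, and none at all for a non-HTML content type.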
