Kik Messenger communicating without SSL

While nothing to be fearful about, I wouldn't recommend sending your bank account number and sort code via Kik Messenger for Windows Phone anytime soon, not that you would anyway. While the user's password is sent either hashed or encrypted, it's reported that Kik is sending user email addresses and messages in clear-text, viewable by any middle man, over an open connection (i.e. unsecured WiFi).

Mike Cardwell, a well-established IT specialist, reported a year ago how Kik was insecure on BlackBerry, Android and iOS. Kik has since resolved these issues this year and has commented on an article over at Within Windows covering the WP7 client:

"Hi Rafael, Corry from Kik here. Thanks for your analysis. We are aware of this issue and plan to add WP7 message encryption in a future release. We want to reiterate that the password is not being sent in clear-text, and that our Android and iPhone clients feature full SSL encryption (login info + messages), as Mike Cardwell mentioned in his comment."

At least our passwords are safe, although we do recommend using multiple passwords for your online accounts, especially between social networks and e-commerce sites. Hopefully security will be added for emails and messages in Kik at some point in the near future. Use over 3G should be fine since the signal is encrypted.

Source: Within Windows and Mike Cardwell, thanks insi for the tip!

Comments

There is 1 comment.

4UrEyezOnly says:

There are several apps that are "light" on some of those basic measures for secure messaging - not good for the free wifi locations. Compare to the 4UrEyezOnly app which provides DRM communications and additional features.