Chat & privacy: Anyone can listen to Line
- Published: 23/09/2013 at 04:32 PM
- Online news:
Thai police claimed Line helps them listen to chat, then Line said not true... but no security in Line means anyone can listen to chatting anytime.
Several months ago, a Line message warned about the Technology Crime Suppression Division's plan to trace the chat logs of people using the smartphone app. (Photo by Patipat Janthong)
Drawing the Line on spying on internet chat users
Thai police claim that the popular instant messaging app Line is secretly helping them to gain access to chat logs Naver, its creator has denied helping them and said it had not received any requests from the Thai police. Both statements are very right, and yet are very, very wrong.
Line has left its security wide-open so that almost any state or telecommunication company could access full chat history with minimal effort
Working with a communications network engineer we were both shocked and surprised when we saw not just the metadata but entire conversations played out in plain text with no encryption at all for both 2G and 3G.
This would mean that anyone, from your telcos like AIS, Dtac or TrueMove to your ISP (CAT, TOT) to the cable carriers that link Thailand to Japan (probably via Malaysia and Singapore first), can all listen in and see your chats.
But that was not all.
We continued to look at the header metadata and it soon became clear Line was using a simple, easy-to-read format to communicate with the server in Japan.... We found out we could pull historical chat logs up to two months old just by changing a couple of parameters in the request
It must be stressed that this was done just from looking at the communication logs the chatter between the Line app and the server that is not encrypted - and not from reverse engineering or even looking into the app itself, such is the lack of protection
Anyone at your telco or cable company could listen in on your communications and see and copy the key....
Pol Maj-Gen Pisit was right when he said that Line secretly cooperates with Thai police - and in fact all authorities worldwide - in providing chat data through leaving this gaping back door wide open.
Line was right, too, in saying that the Thai police had not asked for help as obviously they did not need to. Both were right in what they said but both were so wrong in their deeds ...
Don Sambandaraksa is technology writer at Telecom Asia and a former journalist with Database at the Bangkok Post.
About the author
- Writer: Jon Fernquest
Position: Assistent Manager Educational services