An experiment performed by Birmingham's University of Alabama demonstrated that human errors can weaken security encryption for smartphones and messaging applications.
People think that using expensive smartphones or secure messaging applications can guarantee their privacy. They might have overrated human abilities at each end screwing up schemes that becomes redundant and useless in the end.
According to technologyreview.com, an experiment performed by Birmingham's University of Alabama mimicked the use of a cryptophone application, which shows that the encryption chain's weakest link are humans. Most secure applications can ask the users at each end to compare verbally a short string of words shown on a phone screen known as checksum.
A checksum checks if a communication line is not compromised. In theory, an unmatched word string results to a compromised communication.
The university's research team recreated a similar setup getting participants to take part in the experiment to make phone calls through a web browser. Two- and four-word checksums secured the encryption, which users had to listen to guarantee that what they saw on the phone screen matched verbally.
Sad to say, the team found out that the participants carried on with calls even with the wrong sequencing of words. 30 percent of the time, they are accepting two-word checksums, and 40 percent for four-word checksums. The partakers also hung up on calls with correct checksums, but this finding is less damaging.
The Computer Security Applications Conference presented the case study earlier this month. Although it is unclear about the reasons for human clumsiness, it is likely that checksums were randomly used and accepted. This accounts for the reason that four-word security checksums make things worse rather than two-word security checksums, which in theory makes conversations less secure.
The moral lesson of this story is that smartphones or smartphone applications may be secure, but it does not necessarily mean that the users are safe as well.