Security risks of online chat systems

Given all the things that are possible in online chat systems, you may have already realised that even this world is not free of security risks. That would be too easy. Unfortunately most systems place more emphasis on functionality and usability than on security. This is particularly the case with instant messaging systems (IM systems), which offer additional functionalities and therefore more points of vulnerability than purely text-based chat systems.
The biggest security risks:

• Lack of encryption: With almost all of these systems, messages are not sent directly from the computer or mobile device of a user to the intended recipient, but are instead first sent from a user to a switching computer via the public internet, and then on to the recipient. In most cases, this communication is not encrypted and the messages can be read by other people (e.g. by the administrators of the switching computer).
• Spread of malware: Viruses, worms and trojans can be spread through the transfer of files via IM systems.
• Use of scripts: The most widely used IM systems provide script functions, which allow users to write scripts to manage various functions within the messaging client. These can be used, for example, to contact other users, change program settings and carry out other actions. This does have its uses, but it is also a paradise for computer malware. Dozens of script-based IM worms have already been identified.
• Fake user accounts: Passwords are often not managed in a secure manner. Anyone who manages to crack the password of an account can then present themselves as a false identity. This is no challenge for professionals.
• Program complexity: Like all other internet applications, IM systems may contain faults that can be abused by attackers via the internet. The types of attacks range from manipulation of infiltrated data packets to attackers gaining direct access to the user's end devices.

Security safeguards for online chat systems

As in other areas, there is only one way to prevent computer malware from spoiling your fun when chatting online, by protecting yourself! Of course, purely text-based online chat systems, where you cannot exchange any files, are the safest option. The threat of insufficient encryption remains, however. Confidential information like bank details, passwords or similar should not be sent in online chat systems.

You should observe the following security tips when using instant messaging systems:

• Activate your anti-virus software and a personal firewall.
  This prevents malware from spreading if you transfer files via chat systems. The firewall can also prevent potential attacks.
• Install all current patches for the instant messaging software that you use.
• Deactivate automatic acceptance of files.
  Files should only be saved after a security prompt.
• Do not open any unrecognised attachments.
  A fundamental principle is that you should never open any attachments from unrecognised senders or of unrecognised types. Arrange to send files in advance if you know the sender, because sender addresses can be falsified.