IDG News Service - Perhaps there is finally something to deter Chatroulette.com users from their more offensive behavior: University researchers say that users of the popular video-chat site may not be as anonymous, or as private, as they think.
In a paper posted online this week, researchers from the University of Colorado at Boulder and McGill University outline three different types of attacks that could be launched against Chatroulette users.
Founded just last year by 17-year-old Russian entrepreneur Andrey Ternovskiy, Chatroulette links Web surfers randomly into one-on-one video chat conversations. The site has come under fire, however, because of nudity and inappropriate behavior.
The new research doesn't expose any gaping privacy holes, but showa how the service could be misused by determined criminals. For example, researchers describe a type of video phishing attack, where the criminals would simply play a video of an attractive woman who appears to be chatting with the victim, with audio disabled.
In a test, they were able to trick users into thinking they were actually chatting with a prerecorded video of a pretty woman. They did this by making the video choppy, as if it came from a low-bandwidth network and using text-based chat, instead of audio chat. Only one of the 15 users who chatted with the video asked the researchers to prove that it was of a real, live person. Otherwise, the researchers were regularly able to get people to chat for an hour using this technique.
The novelty and apparent intimacy of a chat session could make it easier to con people into friending scammers on Facebook or even visiting malicious Web sites, said Richard Han, an associate professor with the University of Colorado who co-authored the paper. "If you can present an attractive persona there," he said, "people start to trust the person on the other side and they lower their guard and they start to reveal information about themselves."
They also found a way to make Chatroulette's anonymous chats much less anonymous.
Because Chatroulette's back-end system shares user IP addresses, researchers were able to use IP-mapping services to get a general idea of user's location (a public Web site, called Chatroulettemap.com already does this). Then by searching Facebook using information obtained in chats and comparing pictures, researchers were able to identify chatters.
"Even in a city as big as Chicago, you can drill down and find the person you're actually talking to," Han said.
Privacy takes a hit too, in the paper.
Han and his team also believe that it would be easy to listen in on chat conversations by writing a simple computer program that could act as a middleman between Chatroulette conversations, connecting two users and recording what they say. Though Han believes it would be easy to do, his team didn't write the software to conduct this attack. "We did not implement this attack because we thought it was so dangerous," he said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Privacy White Papers | Webcasts