Go to contents

Kakao Talk found to be vulnerable to personal data theft

Kakao Talk found to be vulnerable to personal data theft

Posted September. 06, 2012 04:33,   


Personal information stored in Kakao Talk, a popular free mobile messenger service with an estimated 30 million users in Korea alone, has been found to be vulnerable to smartphone theft and loss. This is because even if a smartphone is protected with a password, it can be hacked into with simple technology.

Kakao, the provider of Kakao Talk, said, “If one subscribes to Kakao Talk with a new smartphone, the data stored in Kakao Talk from the previous smartphone gets deleted.”

Yet smartphone data in Kakao Talk has been found to remain intact. So the fear is that a person who finds another user`s smartphone or buys a used one can retrieve sensitive personal information, including Kakao Talk profiles, contents of dialogue, and contact numbers of the former owner and use it for crimes such as phishing.

To confirm this, The Dong-A Ilbo’s industrial news desk conducted a test on information leaks from Kakao Talk with a team led by information security professor Kim Seung-joo of Korea University on Aug. 28-29.

Kakao included an automatic delete function in Kakao Talk to prevent Kakao Talk data from being leaked due to loss of a smartphone and other factors. Kakao claimed that if the person who loses a smartphone installs the Kakao Talk app on a new smartphone and enters his or her phone number, Kakao Talk data in the previous smartphone will get deleted remotely. A test showed, however, that Kakao Talk data remained in the smartphone that was lost or sold.

Accessing Kakao Talk data that remained in the lost smartphone was not hard, either. Through “Rooting,” which the owner of a used smartphone gains authorization to manage the device, locate files storing Kakao Talk data, and then links the database program with the smartphone, he or she can view the data.

Apple iPhones as well as Android-based smartphones including Samsung Electronics’ Galaxy S series were found to be vulnerable to such a risk. Relatively more difficult, however, was retrieving personal information from the iPhone because its rooting process is somewhat complicated.

Unlike what Kakao claims, data apparently do not disappear from a smartphone because “the command word for complete deletion,” which is designed to completely delete existing data, is not incorporated in the Kakao Talk app.

Professor Kim said, “A command word designed to erase data not only on the screen but also in the smartphone device should be available, but we couldn`t find it. The problem is that we can easily find a way to gain personal data stored in Kakao Talk on the Internet.” “Apart from simple loss, people also steal smartphones to retrieve personal data in many cases,” he added.

According to the National Police Agency, the number of reported smartphone losses increased from 1,107 cases in January 2010 to 10,520 in January last year and jumped to 55,205 in January this year.