Want to test if data sent from your mobile apps is unencrypted? There’s (you guessed it) an app for that.
Specifically, there’s a free tool for that, designed and released by the University of New Haven’s Cyber Forensics Research and Education Group. Called Datapp, it is a Windows 7 program that essentially turns the computer on which it is downloaded into a Wi-Fi hotspot.
When a user connects his or her mobile device to the hotspot that Datapp has created, the program monitors HTTP traffic from the device and returns information on what data going out is unencrypted.
“Our goal was to create a system where a layman could click a button and see whether the images they’re sending are encrypted,” Dr. Ibrahim Baggili, an assistant professor of computer science at the Tagliatela College of Engineering and supervisor of the Datapp project, told Threatpost.
“It works with any HTTP traffic that is unencrypted. That’s the idea — to be able to test any app, and if it’s secure, it won’t show up on Datapp,” he added.
Asked by Threatpost about the possibility of consumer and business applications for the program, Baggili responded that there might be a call for that — particularly in light of the fact that unencrypted data is coming from highly visible applications such as Facebook Messenger.
“[Early testers] have really liked it,” he told the outlet. “We tried it at a couple of events where we had people connect and try out their apps. It’s eye-opening in many ways when people actually see it. People are at a different layer of abstraction. If an app works, that’s cool and all most people care about. But once they see their data all over the place with their own two eyes, it’s a different experience.”
Though Datapp is currently only available on Windows, Baggili shared with Threatpost that future versions could support more platforms. The program could also grow to support protocols other than HTTP as well as include the ability to target additional data, like voice and video traffic.