Whom Are You Chatting With?

Instant messengers (IMs) have become a very popular and convenient tool for communication. Having started with simple presence protocols, IMs now support exchange of text, sound, video, even game playing. Tons of informa- tion are being daily exchanged through IMs. Still, it seems that IMs favor functionality over security. Most popular IMs (MSN, Yahoo! messenger, ICQ etc...) send data as plaintext which, as such, can be recovered using a simple sning tool. In this study, we investigate security issues in the authentication and message transmission of popular IM protocols. Our investigation is twofold. The rst part is evaluating the protocols and the second evaluating the specic implementations of them by popular clients. We also describe sning, Man in the Middle and fake server attacks and evaluate the resistance of the protocols against them. We discuss ways to exploit the current vulnerabil- ities, and give reasons for their birth. Finally we discuss how the current vulnerabilities can be xed and how future ones can be avoided.