Showing posts with label encrypted. Show all posts
Showing posts with label encrypted. Show all posts
Sunday, February 5, 2017
WhatsApp Messages Are Now Encrypted by Default
WhatsApp Messages Are Now Encrypted by Default
The company says that the new feature is already available in the Android version of the Facebook-owned messaging provider, but the developers promised to work on an iOS alternative, as well as on encrypted messaging for group chat and media messages.
As you know, systems using end-to-end encryption are protected from breach due to the fact that the key, which unscrambles communications, is only stored on users’ mobiles. However, before the introduction of this feature, those keys were also stored by servers along with users’ phones, in order to provide Facebook or WhatsApp administrators access to messages.
Security experts point out that TextSecure encryption protocol is especially strong, because it uses a kind of “forward secrecy”. This means that a new key is being created for every message sent. The only other comparable service deployed on such a massive scale is, of course, Apple’s iMessage. However, the latter features one notable weakness: many people allow the system to back up their messages to Apple’s iCloud service, where protection isn’t as perfect.
In the meantime, Open Whisper Systems will continue to develop its other products, including RedPhone for Android, which will allow encrypted voice communications, and iOS Signal applications, which make protected calls and messaging.
The idea of the security developers is to make encryption the default on all devices. They believe that WhatsApp’s new encryption feature may not tempt some users away from TextSecure and Signal to Facebook, particularly if they are concerned about the metadata from their messages. Metadata is information that does not include the content of the communication, but only the additional info: the time and sides of it.
Although the developers didn’t comment on WhatsApp’s use of metadata, and on the topic of whether TextSecure was more secure as it wouldn’t share such data, they did say that TextSecure would always remain an application that is focused first and foremost on simple-to-use private communication.
Still, the suspicions are that handing such strong encryption to hundreds of millions of users may irk law enforcement bodies. As usual, any moves to protect private communication and prevent government from spying on people makes law enforcement bodies to suggest that encryption efforts will only benefit terrorists and other criminals. In respond, security experts argue that serious criminals have their own encryption instruments, which are just hard to use. Large-scale surveillance hurts only innocent Internet users.
Available link for download
Friday, November 4, 2016
WhatsApp Is Now Fully encrypted
WhatsApp Is Now Fully encrypted
Tweet
It’s a security project that’s taken around a year and a half to complete, but messaging giant WhatsApp has now fully implemented strong end-to-end encryption on its platform and across all mobile platforms for which it offers apps.
This means users of the latest versions of the messaging app will have their comms and media end-to-end encrypted by default. And there are a lot of WhatsApp users; earlier this year the Facebook owned company announced it had passed a billion active users.
Securing cross-platform video comms was the last piece of the puzzle, according to a WhatsApp spokesman.
End-to-end encryption means the content of communications are not stored in plaintext on WhatsApp’s servers. Nor is the company able to decrypt users’ messages to access them since it does not hold the encryption keys. So WhatsApp will be unable to be compelled to hand over messaging data — even if served with a warrant by authorities demanding access.
While the WhatsApp news may seem timely in light of the recent high-profile battle between Apple and the FBI over an encrypted iPhone, the company has in fact been implementing encryption since 2013, the year NSA whistleblower Edward Snowden triggered a global privacy storm by revealing the extent of government mass surveillance programs.
WhatsApp then went on to partner with Open Whisper Systems the following year, and has been integrating its widely respected end-to-end encryption Signal Protocol specifically since late 2014. In ablog post today the not-for-profit hacker collective behind the latter open source tech confirmed the WhatsApp implementation is now complete.
“This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10,” it wrote. “Users running the most recent versions of WhatsApp on any platform now get full end to end encryption for every message they send and every WhatsApp call they make when communicating with each other.”
Although the completion of default end-to-end encryption is a hugely important security milestone for the WhatsApp platform, it does not mean that from here on in every communication sent via the app is end-to-end encrypted, because that’s reliant on all users being upgraded to the latest version of the software.
But the WhatsApp client will now notify users of the encryption status of chats, including showing a notice in the messaging screen, to help bridge the transitional phase:
“Eventually all the pre-e2e [end-to-end] capable clients will expire, at which point new versions of the software will no longer transmit or accept plaintext messages at all,” notes Open Whisper Systems.
WhatsApp users will also be able to confirm the person they are chatting with is the person they think it is, rather than an imposter performing a man-in-the-middle attack, by verifying the authenticity of the encryption session via scanning a QR code or reading aloud a number string.
For its part, Open Whisper Systems says it is looking ahead to additional rollouts of its tech, saying it will “continue to work with additional messengers” over the next year.
The group also has its own encrypted messaging app, Signal, which launched in March last year. Albeit, the question now is whether Edward Snowden will be switching to WhatsApp…
Available link for download
Subscribe to:
Posts (Atom)