Claims that all encrypted messengers are vulnerable, and especially Whatsapp. The material made a lot of noise, but is it really that sad? Internet security company Open Whisper Systems claims that nothing new was written in The Guardian and Whatsapp was "run over" in vain.
Last spring, Whatsapp released the biggest update in its history - it added a forced end-of-line encryption feature, which essentially means no one, including Whatsapp, can read your conversation. Yesterday's investigation by The Guardian presents the opinion of an expert who claims that Whatsapp deliberately left a “backdoor” in its code for possible interception of messages by intelligence agencies and other interested parties. The Whatsapp developers themselves argue that this is not at all the case, and that the potentially unsafe behavior of their application is nothing more than making life easier for its many users.
The security of Whatsapp correspondence was developed with the help of Open Whisper Systems, the same company that developed the most secure messenger in the world - Signal, and in its blog the company describes in detail how everything works. The Signal protocol is implemented in WhatsApp (and it is also implemented in the recent Google Allo), which gives each user two security keys: a public key, by which other users can identify him / her, and a private one. private keyto be pinned to the device. Since people often change their phones and reinstall applications, the security keychain will change accordingly. Users can ensure the privacy of their communication inside Whatsapp by checking the security code on each device participating in the conversation - if the codes match, this will mean that there is no interception of messages between the interlocutors (this type of attack is called man-in-the-middle, MITM).
The Guardian is based on an investigation by Tobias Belter. He claims that the Whatsapp server can be hacked at the request of third parties. That is, WhatsApp can generate new key security and give it to these same third parties until users notice that something has happened. In the Signal app messenger, any change of the security key results in the impossibility of sending a message and in a security warning, and all this happens before the user is going to forward the message again and independently. In Whatsapp, the user receives a notification about the key change, while the message will be automatically recoded under the new key and sent to the addressee. That is, you can only later find out whether the new key really matches your addressee. Despite the fact that such a setting for a warning in your Whatsapp still needs to be enabled manually:
This behavior of Whatsapp at Open Whisper Systems is explained by the ideological ease of use of the messenger. Also, Whatsapp servers do not know who turned on the alert setting and who did not - so a hacking attempt can be quickly detected. In any case, Whatsapp “lawyers” insist that such a security policy can be called whatever you want, but it is not a vulnerability or a backdoor. This is a "feature".
Many Western security experts agree with Open Whisper Systems' findings:
It's ridiculous that this is presented as a backdoor. If you don’t verify keys, authenticity of keys is not guaranteed. Well known fact.
Frederic Jacobs (@FredericJacobs)
Users of the popular messenger are often interested in the question “ end-to-end encryption ". Does it really provide privacy for conversations? To answer, you will need to consider modern mechanisms for encrypting information, existing threats and how Watsap deals with them. As a preliminary summary, let's say that this messenger is one of the most secure, along with Telegram and Viber.
The benefits of end-to-end encryption
Throughout the existence of writing, people have looked for ways to hide the content of correspondence. With the proliferation of electronic communication, fast and reliable encryption methods were needed, the results of which could not be cracked in a reasonable time.
The result of using end-to-end encryption is that only end users who communicate with each other can access the information transferred to them, regardless of its form: text, photo, document, sound or video.
For complete security, WhatsApp encryption is always enabled and cannot be disabled. This means that not only all correspondence, but also each message is encrypted with a separate key, a pair for which is only in your interlocutor How can a stranger read it, and is it possible, in principle? The only way to do this is to steal your phone.
Top security threats
Encryption confirmation
- Enter the chat, click on the contact and open the window " Contact details».
- Please select "Encryption". A 60-digit digital code and QR code will appear.
- If your interlocutor is nearby, he will confirm his identity by scanning the code. If it is not available, you can copy the digital code and send it to e-mail or SMS for comparison.
After successful confirmation, a guarantee appears that the conversation is encrypted and is really happening with your interlocutor.
We figured out how to set up end-to-end encryption in WhatsApp, how secure it is and how to avoid possible threats to your privacy. For greater security, delete irrelevant correspondence, as data on WhatsApp servers is stored only until it is received by the end subscriber. Therefore, if you delete the received messages, they will disappear in the full sense of the word.
The description for the WhatsApp messenger indicates that it works on the principle of end-to-end encryption. This feature is considered one of the main advantages of the program. But not all users understand what is behind such a name. For many people, the logical question is: "What is WhatsApp end-to-end encryption?"
Features:
In classic messengers, the following scheme of correspondence between users: a message is sent from the first device to the developer's server, and from there it is delivered to the addressee. IN modern applications, to which Watsap belongs, it has been slightly changed.
The message is now encrypted on the smartphone before being sent. It comes to the server not in the form of typed text, but in the form of chaotic characters for a person. From there, the message is redirected to the recipient's smartphone or tablet, where it is decrypted. An encryption key is a sequence of characters that defines the "alphabet" of the cipher. This is some form of the alphabet. But in the case of Watsap, the key is unique for each device. Rather, there are two of them: the first is responsible for transforming the text when sending, the second - when receiving.
It is only possible to hack such a system if you know this WhatsApp encryption key. And it is recorded directly on the user's device. Such is modern protection in the messenger.
Configuring end-to-end encryption
There is no provision for disabling end-to-end encryption by the WhatsApp developers. This is even mentioned on the official website of the application. This decision is quite logical, because the safety and security of personal information has always been important for users. And if you deactivate this function, then the security will go away.
However, it is worth mentioning that not everything is so categorical. If you are looking for how to remove end-to-end encryption in Watsap, then there is such a method. It is enough to install an old version of WhatsApp on a smartphone or tablet, where this function was absent.
But in this case, no one can guarantee that strangers will not get into your correspondence. It should be borne in mind that for installation old version the program will need to disable protection on the mobile device.
In the case of Android, everything is simple, just activate the "Install from unknown sources" mode in the developer settings menu. But iOS requires a jailbreak - a jailbreak option - that can break your iPhone or iPad.
Attention: on official page WhatsApp is missing a section where older versions can be found. This means that you have to download the application from third-party resources, which may contain viruses.
The messages you send to this chat and your calls are now encrypted. Thus, WhatsApp and third parties do not have access to them. This is the window that many WhatsApp users have seen recently, including me.
What does this mean for us? Now communication via WhatsApp, thanks to end-to-end encryption, has become more secure for users.
How does WhatsApp encryption work?
Whatsapp encryption works like an end-to-end encryption i.e. no one, including within the company itself, will be able to read any content in chats, both between users and in group conversations. Everything is encrypted, including forwarded messages, photo and video materials, voice messages... Apart from this, encryption is also included for voice calls.
The first popular messenger that introduced encryption was Pavel Durov's product - Telegram. His concept was originally designed to provide secure communication. According to Durov, he was amazed at the revelations of a former employee of the US NSA, Edward Snowden, who reported the total surveillance of the US government over its citizens, as well as citizens and leaderships of other states.
How to enable WhatsApp message encryption
You don't need to do anything specifically to enable encryption. It already enabled by default for all users of this messenger. (and WhatsApp has about a billion). It is enough to update your version to the most current one. If one of the participants in a group conversation or chat does not have the latest version, then encryption will be disabled.
Can you find out if it's worth latest version WhatsApp at your interlocutor by looking at his info.
When you see the picture of a closed padlock, you can be sure that encryption with this contact is enabled. If the lock is open, then it has not yet updated its version to the latest.
Can encrypted WhatsApp messages be hacked?
No one has yet proven otherwise.
It should be noted, what's under burglary This means interception of WhatsApp traffic by third parties - for example, special services, your Internet provider, or an intruder in a cafe where you use open point access W-Fi.
Method reading someone else's correspondencethe one I described uses social engineering, so it's still relevant. When your device falls into the wrong hands, even the strongest encryption algorithm will not help. To protect yourself from it, put a password on your smartphone, or to launch a specific application.
In one of the articles, we talked about how you can get information from the Telegram messenger using the example of Android and iOS devices. Today we will talk about the mechanisms for encrypting and decrypting data in the WhatsApp messenger.
Introduction
Almost every one of us uses various applications for calls and sending messages in our daily life. This type of communication has its advantages: it is convenient and free. Currently, there are many different messengers (WhatsApp, Telegram, Viber, etc.), and each user sooner or later asks the question - how safe is it to use this or that messenger. We wrote about Telegram security in the article.
It should be noted that this issue always worries attackers who also use this type of communication to communicate with each other.
Figure 1. Comparison of messengers
On this topic, readers are also likely to be interested in the detailed one that we recently published.
