WhatsApp end-to-end encryption update and security flaws: Last year, the worldwide popular messenger WhatsApp adopted an update designed to change fundamentally the global state of things in the matters of chatting securely. The project decided to integrate end-to-end data encryption model to the app.
The idea of end-to-end encryption implies the creation of 100% private chat for text communication between two users without third party access to the transmitted data. This restriction applies to Internet service providers and even the application’s support team. In its essence, this approach to data encryption requires protection from the operation of spyware applications Top10spyapps for deciphering textual correspondence. This effect is achieved by excluding the possibility to obtain a cryptographic key to the conversation through the communication provider. This concept even doesn’t exist in end-to-end data encryption model.
WhatsApp end-to-end encryption update and security flaws
WhatsApp application didn’t become a pioneer of end-to-end encryption use from among other popular messengers. Previously, Telegram reported on the same technology implementation, but only with the advent of end-to-end encryption for more than 1 billionth Watsapp auditory we can talk about it as global scale trend. By the way, another mega popular Viber messenger application supported the launch of this encryption system a little later and fixed the result in general.
The main task of implementing such kind of encryption is obvious. This is about guaranteeing total freedom of communication for people. For example, this allows you to protect the personal space of a citizen from monitoring by some government agencies. It is not necessary that you are followed by them, but the face of such opportunities is contrary to basic human rights.
So, the importance of using technology in terms of human values is invaluable. There are a number of good examples of state intervention in people’s lives.
For example, the Russian government has been making every effort to organize total control over the information inside the country for a long time. The new Duma bill is aimed at working with instant messengers and requires service providers (owners of popular applications) access to users’ correspondence. Federal Security Service (formerly the KGB) should control the messaging in this case. As pretexts, they make such statements, as the necessity of limiting the negative impact on the younger generation and terrorism prevention.
In the case of refusal, the companies are expected to face heavy fines from the Russian Federation. Founded by Pavel Durov, who left Russia, Telegram has refused requirements and has already faced with such problems. Telegram’s SEO explanations on the principles of end-to-end encryption didn’t help to solve the situation.
“To completely limit the illegal communication in messengers, the Russian government will have to shut down the Internet completely,” he said. And this makes sense when WhatsApp and others also switched to this algorithm.
Another example came from the more peace-loving Canada. A new fleet of surveillance aircraft bought in 2017 for Special Forces of Canada is equipped with mobile data interception system. Thus, during the observation flights, the Government of Canada will have the opportunity to collect personal information of country’s citizens.
The purchase is indicated by the state as “to improve understanding of the operational environment”, but security experts are already concerned about the possible abuse of technology.
In such circumstances, the data encryption in messengers is very important. But, as practice shows, this is not an absolute panacea from spying through messengers!
End-to-end encryption vulnerability
Israeli security firm Check Point found recently a new method to bypass WhatsApp’s end-to-end encryption. To open the channel using such WhatsApp track messages, you need to hide HTML code in a seemingly innocuous image. If the user makes a click on it with apps web version, the code starts working directly in the browser and gives messages, media files, and contact list data to a third party.
The similar problem is also relevant for Telegram app.
Errors have been corrected by both companies, but there is still space for hacking. Today, you can create and use a similar WhatsApp spy app.
And the problem of total Internet correspondence security is still open.