What’s Up with WhatsApp’s Message Encryption System?

What’s Up with WhatsApp’s Message Encryption System?

WhatsApp is used by over a billion people worldwide – that’s billions of messages, all allegedly private, secure, and protected by the end-to-end encryption provided by Open Whisper Systems. But are your private messages really secure?

End User Encryption Vulnerability

In early January, 2017 a ‘Backdoor’ was found in the WhatsApp system that could potentially give a third-party access to your messages. A ‘Backdoor’ is either placed by design, or by shortcoming, and it allows for unauthorized access to data, in this case, your messages. WhatsApp has previously stated that their popular messaging system is completely secure and encrypted, and indeed their encryption protocol is very safe. The problem lies not in the protocol itself but in the way it is implemented.

Defect or Feature?

When confronted with this security problem, Open Whisper Systems’ suggested that the vulnerability is not a defect, it is in fact a feature of most standard end-to-end encryption software. It seems that when posed with the dilemma between ultimate security and streamlined user-experience WhatsApp chose the latter. While they have clearly and publicly declared that they would oppose any request, even from a government department, to gain access and / or monitor user activity, there is a vast difference between choosing not to divulge information and blocking any access to it.

So what does this security vulnerability mean for the end-user? The detail lies in WhatsApp’s ever-changing encryption key that is broadcast by a contact and is not verified by WhatsApp security. Each time a contact broadcasts a new encryption key, it is not re-verified so as not to cause a break in the message delivery process.

How to Protect Your Messages

If you’re conscious about your privacy, it’s important to verify the encryption keys broadcast by your contacts before you send messages. Enable security notifications in the application itself and make sure that you manually accept and verify each encryption key broadcast by your contacts. However, you should be aware that this does not promise airtight security, seeing as WhatsApp will only notify you that the encryption key has changed after your message has been delivered. If you want to be extra cautious, conduct your private conversations on platforms like Signal that chose security over user-experience, and enable the verification of new keys before they are used.

Cyber Threats in 21st Century Transportation

Cyber Threats in 21st Century Transportation

Innovation in all industries is moving at lightning speed, and transportation systems are no different. Intelligent transportation systems (ITS) are created with a single goal: to improve the existing infrastructure of systems. Because of the major changes happening these days, traditional education and expertise in construction or civil engineering are no longer enough. Officials also have to be well-versed in technology. Sophisticated ITS systems are used to acquire and manage vast amounts of valuable data. This data is used to craft intricate technical specifications to optimize organisational flow.

Fraught with Danger

While ITS systems are invaluable to improving infrastructure, using ITS systems is charged with security risks. These threats have to be identified, understood, and correctly managed. Risks include:
– Loss of data
– Lost revenue
– Disclosure of sensitive information
– Electronic asset theft
– Service interruption
– Introduction of malicious software
– Cyber extortion
– Cyber terrorism

According to recent research, nearly 800 data breaches were tracked in the US in 2015. To avoid being a statistic, transportation firms need to improve security policies through risk assessment and due diligence procedures.

Identifying Risk

Although ITS may be responsible for data breaches, digital security issues also come from employees who may be negligent, steal data, lose or steal company equipment, or inadvertently install malware onto systems. Transportation agencies should ascertain where vulnerabilities lie, assess risks, and implement robust security programs.

The Problem with Insurance

As awareness of cyber liability grows, the demand for cyber insurance increases. It is important to note the deficiencies of standard commercial insurance. When it comes to cyber security, policy-holders are not thoroughly covered. Transportation officials can mitigate risk by requesting contractors to provide coverage for some of the risks, for example:
– Exposing confidential digital data
– Installing computer viruses
– Loss of service
– The criminal use of a computer system

With this kind of coverage, transportation officials may be able to recover some of the expenses that come with identified cyber and technology threats like fines and penalties, legal costs, losses due to identity theft, fraud, and data loss.

Insurance is Not Enough

Besides the recent revamp in the insurance world, there is also an increased awareness of cyber risk around the globe. This is creating a better understanding of the risks and how it can be managed. As research is done and reports are compiled ,it is becoming obvious that there is an enormous challenge in using ITS technologies to optimize transportation. Assessing cyber risks should be a priority when it comes to planning 21st century transportation projects. Even though cyber liability does not currently form part of the average transportation official’s vocabulary, it is an unavoidable reality.

Steps to Contain Cyber Risk

Transportation companies should start by identifying the issues, and then applying the following vital steps:
– Take a proactive approach to cyber safety
– Maintain insurance requirements with insurance companies and contractors
– Create cyber security protocols and policies
– Train staff members to be cyber-alert
– Maintain vigilance in all aspects of cyber risk, particularly in the IT department

By observing these guidelines, transportation companies can become equipped to manage the dangers of the cyber world as effectively as possible.