What’s Up with WhatsApp’s Message Encryption System?

WhatsApp is used by over a billion people worldwide – that’s billions of messages, all allegedly private, secure, and protected by the end-to-end encryption provided by Open Whisper Systems. But are your private messages really secure?

End User Encryption Vulnerability

In early January 2017, a ‘backdoor’ was found in the WhatsApp system that could potentially give a third party access to your messages. A backdoor is either placed by design or results from a shortcoming, and it allows unauthorized access to data, in this case your messages. WhatsApp has previously stated that their popular messaging system is completely secure and encrypted, and indeed their encryption protocol is very safe. The problem lies not in the protocol itself but in the way it is implemented.

Defect or Feature?

When confronted with this security problem, Open Whisper Systems suggested that the vulnerability is not a defect; it is in fact a feature of most standard end-to-end encryption software. It seems that when faced with the dilemma between ultimate security and a streamlined user experience, WhatsApp chose the latter. While they have clearly and publicly declared that they would oppose any request, even from a government department, to gain access to and/or monitor user activity, there is a vast difference between choosing not to divulge information and blocking any access to it.

So what does this security vulnerability mean for the end-user? The detail lies in WhatsApp’s ever-changing encryption key that is broadcast by a contact and is not verified by WhatsApp security. Each time a contact broadcasts a new encryption key, it is not re-verified so as not to cause a break in the message delivery process.

How to Protect Your Messages

If you’re conscious about your privacy, it’s important to verify the encryption keys broadcast by your contacts before you send messages. Enable security notifications in the application itself and make sure that you manually accept and verify each encryption key broadcast by your contacts. However, you should be aware that this does not promise airtight security, seeing as WhatsApp will only notify you that the encryption key has changed after your message has been delivered. If you want to be extra cautious, conduct your private conversations on platforms like Signal that chose security over user-experience, and enable the verification of new keys before they are used.
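The difference between being notified after delivery and verifying a new key before it is used can be seen in a small model of the sender's trust decision. This is an added example, not code from WhatsApp, Signal or Open Whisper Systems; it performs no encryption, and the `Sender` class, the `fingerprint` format and the sample keys are all hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    # Constructed short digest for out-of-band comparison; not WhatsApp's real format.
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class Sender:
    blocking: bool                                # True = verify a new key before using it
    trusted: dict = field(default_factory=dict)   # contact -> fingerprint currently trusted
    held: list = field(default_factory=list)      # (contact, fingerprint, text) awaiting review
    sent: list = field(default_factory=list)      # (contact, fingerprint, text) delivered
    notices: list = field(default_factory=list)   # what the user is shown

    def send(self, contact: str, announced_key: bytes, text: str) -> bool:
        fp = fingerprint(announced_key)
        known = self.trusted.get(contact)
        if known is not None and known != fp:
            if self.blocking:
                # Hold the message: nothing goes out under the unverified key.
                self.held.append((contact, fp, text))
                self.notices.append(f"{contact}: key changed, message held")
                return False
            # Non-blocking: deliver first, tell the user afterwards.
            self.sent.append((contact, fp, text))
            self.notices.append(f"{contact}: key changed, message already delivered")
            self.trusted[contact] = fp
            return True
        self.trusted[contact] = fp                # first contact (trust on first use) or unchanged
        self.sent.append((contact, fp, text))
        return True

    def verify(self, contact: str, confirmed_fp: str) -> int:
        # The user compared confirmed_fp with the contact out of band; release only matches.
        release = [m for m in self.held if m[0] == contact and m[1] == confirmed_fp]
        self.held = [m for m in self.held if m not in release]
        if release:
            self.trusted[contact] = confirmed_fp
            self.sent.extend(release)
        return len(release)

# Constructed sample keys: the contact's original key and a replacement announced later.
OLD_KEY, NEW_KEY = b"bob-identity-key-1", b"bob-identity-key-2"

def run(blocking: bool) -> Sender:
    s = Sender(blocking=blocking)
    s.send("bob", OLD_KEY, "hello")
    s.send("bob", NEW_KEY, "private details")
    return s
```

With `run(False)` the second message is delivered under the new key and the notice arrives afterwards; with `run(True)` it stays in `held` until `verify` is called with the fingerprint the user confirmed.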

Cyber attack on hotel’s computers left guest locked out

After having its systems frozen by hackers, an Austrian high-end resort is dumping electronic room cards for old-fashioned locks and keys. The management of the Romantik Seehotel Jaegerwirt, in the Austrian Alps, said that they have been repeatedly targeted by cybercriminals. The latest infection with ransomware, on Dec. 6, led to a complete shutdown of the resort's computers. The couple needed to pay 1,500 euros' worth of the electronic currency bitcoin to restore their network.

The story of the hack of the resort was broadly shared after several publications erroneously reported that the ransomware led to guests being locked in or out of their rooms. But Brandstaetter stated that the attack only led to new guests being unable to get the keys to their rooms for a couple of hours. New arrivals were treated to champagne and went trekking or skiing in the interim, she said. The spate of electronic intrusions has prompted the resort to update its network. Most radically, she said the resort would eventually go back to the lock and key system “as in times of our grandpas.”