Hackers target devices, not the platform, because each end of an encrypted chat is a decrypted vulnerability. WhatsApp has had its security wobbles over the years, but its end-to-end encryption has not been compromised. The world’s most popular platform is end-to-end encrypted by default-it does this for individual chats and groups as well as for voice and video calls, again even when those extend to groups. In reality, though, you don’t need to look further than WhatsApp. Security professionals will always recommend the likes of Signal, where feature updates will only be introduced when they do not compromise security. Telegram does adopt a security-first approach, though, distributing the encryption keys it holds across different jurisdictions to frustrate any internal attempts-whether malicious or at the request of security agencies-to access content. The issue, it explains, is that in doing so it becomes impossible for users to easily access messages on different devices from central repositories or to restore their history when a device is lost and replaced. Telegram does not end-to-end encrypt by default. Moore also recommends Telegram-a slightly more complex option. “If you want private messaging use apps like Signal that offer end-to-end encryption.” “People should consider everything they say in Twitter DMs or via Facebook Messenger can become public sooner or later,” Opdenakker tells me. Moore advocates Signal-the platform of choice for cyber experts, with its security-first approach and no form of messaging back-up-as does infosec writer John Opdenakker. And when you use the current WhatsApp cloud back-up feature, you run that same risk- this, though, is now being fixed. Apple and Google messaging back-ups are not end-to-end encrypted, they basically store a copy of your phone’s decrypted data. There’s a warning in there for even the more secure messaging apps. In effect, it is impossible for hackers to steal something that the service itself does not possess.” The benefit of using end-to-end encrypted services is that data can be kept safe even in the event of the inevitable data breach because the service provider itself does not have the ability to decrypt user data. We also have strong data protections and safeguards in place that secures data at rest and restricts employee access to message content.”īut, as uber-secure ProtonMail points out, “the best way to protect data is to not have access to it at all. Facebook told me that “our servers are only in a handful of countries that have strong rule of law. They may use those keys if asked by law enforcement, but there is also a risk that rogue or tricked employees may do the same. The Twitter attack specifically framed the vulnerability when a platform holds the keys to decrypt your private conversations. “After the recent complications with Twitter,” Moore says, “it highlights once again the importance of end-to-end encrypted messages and privacy focused messaging platforms.” Twitter is not a private messaging platform-its volume of DMs is a fraction of those sent over Messenger. Twitter DMs are not end-to-end encrypted-just like Messenger, it’s been stuck on the roadmap for years. No-one should be surprised at Twitter’s admission that the recent hack of more than 100 users also tapped into private messages for 36 accounts. If you have any doubts, take a look at Twitter’s recent public shaming. “Although many may think the content in their messages isn’t personal, the real issue is that any information on you is open to abuse in the wrong hands.” “Users choosing to communicate via Messenger must understand the real threat to their information within such apps,” warns ESET cybersecurity guru Jake Moore. Apple’s iMessage and Google’s rumoured encryption plans for RCS-an SMS replacement-both provide an end-to-end encryption update option for SMS, still the world’s most pervasive mobile messaging platform.īut Messenger has more than a billion users-and unlike SMS it presents as an updated and fully featured alternative to legacy messaging. The straightforward advice is to stop using SMS if possible. But that has become fairly well understood now. This issues aren’t limited to Facebook Messenger, of course.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |