01 June 2016

WhatsApp adds secure message encryption

WhatsApp recently announced that it has added end-to-end encryption to all its messages. We previously looked at how governments spy on your mobile but what is the implication of this change for the over one billion people who use the application? And what does encryption actually mean?

Seen in the light of the recent battle between Apple and the FBI to give the security agency access to private messages and information, this is a significant move by the Facebook-owned company. It means that WhatsApp are physically unable to give third parties access to messages, images, and even voice recordings since the messages are encrypted and the company has no access to the content of these messages. The company is one of the first communication platforms to offer full end-to-end encryption, which is on by default. It is likely that other companies will offer a similar service soon.

“The desire to protect people’s private communication is one of the core beliefs we have at WhatsApp, and for me, it’s personal”, said Jan Koum, one of the app’s founders who was raised in Ukraine under Soviet rule. “The fact that people couldn’t speak freely is one of the reasons my family moved to the United States,” he said on WhatsApp’s official blog page.

End-to-end encryption means scrambling information so that it can only be decrypted with the right “key”. Each party has a pair of keys, one public and one private. Only the sender and recipient of the message are able to see the contents of the message. True end-to-end encryption is known as “zero knowledge”, which means the platform responsible for hosting the message (WhatsApp) has no knowledge whatsoever of the information contained within the message.

Users do not need to activate encryption. It happens automatically and also applies to WhatsApp calls. You can check if encryption is working by tapping on the message which comes up after you have sent your message. It should read as follows: “Messages that you send to this chat and calls are now secured with end-to-end encryption.” You can then view a QR code and a 60-digit number. You can also scan your QR code or compare the 60-digit number with the person you are chatting with. We’d also recommend updating your security settings so all security messages are displayed – this might help you avoid man-in-the-middle attacks that could compromise your communications.
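To show why comparing the 60-digit number catches a swapped key, here is an added example (not WhatsApp's code and not its exact algorithm) that derives a 60-digit code from both parties' public keys. The key values, user names, iteration count and function names are all assumptions made up for the illustration.

```python
import hashlib

ITERATIONS = 5200  # assumption: repeated hashing makes forging a matching code costly

def party_digits(public_key: bytes, user_id: str) -> str:
    """Derive 30 decimal digits from one party's identity public key."""
    digest = public_key + user_id.encode()
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + public_key).digest()
    # Six 5-byte chunks, each reduced to a zero-padded 5-digit group.
    groups = []
    for i in range(0, 30, 5):
        chunk = int.from_bytes(digest[i:i + 5], "big")
        groups.append(f"{chunk % 100000:05d}")
    return "".join(groups)

def security_code(key_a: bytes, id_a: str, key_b: bytes, id_b: str) -> str:
    """60-digit code; sorting the halves makes both phones show the same number."""
    halves = sorted([party_digits(key_a, id_a), party_digits(key_b, id_b)])
    return "".join(halves)

# Constructed sample values standing in for real identity public keys.
ALICE_KEY = hashlib.sha256(b"constructed alice identity key").digest()
BOB_KEY = hashlib.sha256(b"constructed bob identity key").digest()
INTERCEPTOR_KEY = hashlib.sha256(b"constructed interceptor key").digest()

def demo():
    # Both phones hold the genuine keys: the codes match.
    alice_view = security_code(ALICE_KEY, "alice", BOB_KEY, "bob")
    bob_view = security_code(BOB_KEY, "bob", ALICE_KEY, "alice")
    # Alice was handed a substituted key for Bob: her code no longer matches his.
    alice_view_swapped = security_code(ALICE_KEY, "alice", INTERCEPTOR_KEY, "bob")
    return alice_view, bob_view, alice_view_swapped

if __name__ == "__main__":
    a, b, swapped = demo()
    print("Alice sees:          ", a)
    print("Bob sees:            ", b)
    print("Alice (swapped key): ", swapped)
```

Because the code depends on the keys each phone actually holds, a mismatch when you compare numbers in person tells you that at least one of you has been given a key that does not belong to the other.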

The decision to enable end-to-end encryption on all WhatsApp communication has not met with universal approval. Many governments are unhappy that there is no way to access private messages, and in the UK politicians have proposed banning the technology or forcing companies to install backdoors that would weaken the security so that messages can be read by spies.

Of course, this shows an alarming level of technical illiteracy and failure to think through consequences by politicians. Not only will intentionally weakening encryption technology have severe and troubling repercussions for the functioning of the internet as a whole, it is trivial for anyone with nefarious intentions to simply switch to other, mathematically proven encryption algorithms, and it will only weaken the security of normal people.

22 March 2013

BlackBerry refutes security claims

Following our report yesterday, BlackBerry have manoeuvred swiftly to deny claims that they have had their security clearance rejected by the UK government. They have been very quick to get an official statement from the UK government and to submit press releases correcting similar stories in major press publications.

BlackBerry’s statement reads as follows:

BlackBerry has a long-established relationship with the Communications-Electronics Security Group (CESG) and we remain the only mobile solution approved for use at ‘Restricted’ when configured in accordance with CESG guidelines.

This level of approval only comes following a process which is rigorous and absolutely necessary given the highly confidential nature of the communications being transmitted. The current re-structuring of this approval process, due to the Government Protective Marking Scheme review and the new CESG Commercial Product Assurance scheme has an impact on the timeline for BlackBerry 10 to receive a similar level of approval.

BlackBerry also went to pains to emphasise its security clearances in other jurisdictions. Its statement went to great lengths about how the BB10 operating system has attained FIPS 140-2 certification. This is a US government computer cryptography security accreditation. Although they don’t mention which level BlackBerry 10 devices have been validated at and Security Level 1 is pretty basic, this does demonstrate that BB10 is trusted by other government bodies. BlackBerry also mentioned that the German government’s Bonn-based Bundesamt für Sicherheit in der Informationstechnik (BSI or Federal Office for Information Security) are also using BB10 devices and that they are continuing to liaise with CESG to get approval from the UK government.

Despite these statements, analysts suspect that BlackBerry 10 may still be in some trouble. The response to their new flagship devices, the Q10 and Z10, has been somewhat underwhelming in Europe. There was an initial surge in sales from diehard fans when the smartphones were first released back at the beginning of the year, but commercial figures have slumped significantly since then.

In fact, many retailers are currently burdened with lots of excess stock of BB10 devices. This has resulted in discounting of these smartphones already. The situation is also the same in Canada with a significant dip in sales in recent weeks. BlackBerry’s Z10 will go on sale in the US today and the company will be desperately hoping for a strong result when the sales figures first come out. They will be desperate to reverse the trend that has seen market share plummet from over 20% to just under 6% in the last 30 months.

There is good news from the stock markets though. On Wednesday there was a significant spike in the share value of BBRY. The price went up by about 6% following reports that a Morgan Stanley managing director of technology, Ehud Gelblum, reversed his previous assessment and publicly backed them as a buy recommendation. The only negative thing about this otherwise-promising development is that Gelblum’s call isn’t necessarily based on BlackBerry’s positive aspects but rather more based on Windows Phone 8’s shortcomings leaving a gap in the market.

What do you think about this? Will BB10 eventually get certified for Restricted access by the UK government? Are the sales of the Z10 and Q10 going to pick up? And will BlackBerry be able to turn around their fortunes over the coming year?
