07.04.2017

WhatsApp and cyber security issues for 2017

No one even half-interested in IT and mobile telephony could have missed all the stories about WhatsApp in the news lately. Since it was acquired by Facebook in 2014, its growth has been uncontainable. WhatsApp now boasts over a billion users each month, who send over 30 billion messages per day, and it has strengthened its security over recent years by adding two-step verification and automatic end-to-end encryption.


The security protocol used by WhatsApp is partly based on a system developed by Open Whisper Systems, which offers broadly similar functions and, crucially, is also fully end-to-end encrypted. End-to-end encryption (E2EE) ensures that only the communicating users can read the messages. These systems are designed to overcome any efforts at surveillance or tampering, since no third parties are able to decipher any data being communicated or even stored.

For the majority of the population, such techno-jargon is a foreign language, but it took the Home Secretary Amber Rudd's tour of the UK's TV studios on Sunday 26 March to bring the issue into public focus. In her view, E2EE should be banned; she pleaded that the government needs to be sure that systems like WhatsApp cannot enable 'dangerous' communication.

Cyber security experts have already dismissed Rudd's demands on the basis that they imply a misunderstanding of encryption and the technology involved. Furthermore, the idea of banning encryption from over a billion users' messages makes a mockery of public privacy.

According to Henry Burrell (http://www.pcadvisor.co.uk/feature/internet/how-secure-is-whatsapp-whatsapp-security-encryption-explained-3637780/), creating a backdoor into services like WhatsApp would "compromise the security of millions of users' data". He goes on to cite a Guardian report quoting Liberal Democrat home affairs spokesman, Brian Paddick, as saying that, “My understanding is there are ways security services could view the content of suspected terrorists’ encrypted messages and establish who they are communicating with.”

The Guardian also implied that there was such a thing as a "back door," which Tobias Boelter, a cryptography and security researcher at the University of California, says could "disclose its messaging records... [and] effectively grant access due to the change in keys" at the request of government agencies.

Brian Acton, co-founder of WhatsApp, refutes The Guardian's claim (https://www.reddit.com/r/Android/comments/5nq201/whatsapp_backdoor_allows_snooping_on_encrypted/dce86wa/?st=iy06uhud&sh=526e1451). Commenting via Reddit on an Android article, he states: "The Guardian’s story on an alleged “backdoor” in WhatsApp is false. WhatsApp does not give governments a “backdoor” into its systems. WhatsApp would fight any government request to create a backdoor. Since April 2016, WhatsApp messages and calls are end-to-end encrypted by default." He points out that WhatsApp offers people a security notifications feature that can verify who they are communicating with. WhatsApp have published a technical white paper (https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf) explaining their implementation of end-to-end encryption.

One irony that has emerged in all this is that, often, companies concerned with promoting cyber security are those that wind up suffering for it in the end!

It's not only WhatsApp that are having issues. A number of cyber security threats have been flagged up for 2017, which you can download here: http://go.flashpoint-intel.com/ga/
Posted by: CloudScope Recruitment