News

WhatsApp security system: the truth about the end-to-end encryption

22/07/2016

This article will be an all-inclusive guide to understanding WhatsApp security new system. We will explain in detail the new end-to-end encryption.

WhatsApp Security end to end encryption

WhatsApp security has had issues in the past. There were many threats on the WhatsApp security system because of exploits in glitches. Not too long ago it was discovered that you could crash someone’s app by sending a 7-megabyte message or a 2-megabyte message with special characters.

In order to fix the app, you would have to delete the thread while the person or bot that sent you the messages can have access to your app data. You would then have to restart the WhatsApp. Restarting the app might not be a big deal to some users but other users need WhatsApp for business purposes. Users with important clients can’t afford delays.

Another added threat that has been exposed within the last year is bypassing privacy settings. For example, you could download an app called Whatspy Public that monitors status messages, user photos, status changes and even adjusts security settings to someone else’s WhatsApp. Whatspy Public can do this even if the person has their privacy option to “nobody”.

Users also have to worry about malware online that pretends to be a client in order to get information. These fake download links are a way that users can give hackers or bad malware access to their content. These WhatsApp security concerns have been a lingering problem. With this WhatsApp security risk, a threat on the software seems imminent.

However, all that is changed. WhatsApp Safety has recently been beefed up. A new end-to-end encryption has been implemented so that WhatsApp privacy is maintained. There are many questions people would like to know.

For example, “how to make WhatsApp secure” or “how to make WhatsApp private.” With the new system in place, WhatsApp already addressed a lot of these issues. This article will be an all-inclusive guide to understanding WhatsApp new system. Hopefully this article will give you piece of mind.

About WhatsApp security

What is end to end encryption? End-to-end encryption is a system of communication by which the only people who can read/decrypt the messages are the people communicating. Usually companies will just have their users accounts encrypted.

That means the only entities that can decrypt messages would be the company and the people exchanging messages. This can be a problem because if the company has the key to your messages then so does hackers.

whatsapp encryption

Hackers can hack the company and be able to read your messages if they wanted to because the actual company itself has the decryption software. With end to end encryption, the company doesn’t have the option of decrypting your messages.

Translation: the company can’t read what your conversations about. Even though WhatsApp can no longer read your conversations, this will benefit them because it makes the system so much harder to hack.

Hackers and malware programs have to go a step further in order to get personal information about users. Only the endpoint computers have the cryptic messages and the company acts as an illiterate messenger.

The servers within the company won’t be able to read and decipher your messages, but only send them. You might be asking, “if the company doesn’t have access to the cryptic key then how will your device have a key.”

The answer is simply. The solution is called public-key encryption. In public key crypto systems, a pair pf keys are generated mathematically by a program on your computer. One of the keys is private, and is used for decrypting messages sent to you.

This key never leaves your device. The other key is called the public key which is used for encrypting messages that are sent to you. It is set up so that only the corresponding private key can decrypt the messages from the public key. That key can be shared with anyone who wants to encrypt a message to you.

Those are only the positives of end to end encryption. It is about time I talked about negatives. Nothing is impervious from being hacked. Any piece of technology can be hacked. Hackers either must work harder to hack your device or simply create a new innovation to make hacking easier.

If a hacker wanted to get the decrypting key, all he or she would have to do is impersonate a message recipient so that messages are encrypted to their public key instead of the one the sender intended. Some would argue that this makes stealing information easier because malware isn’t needed.

One could simply just pretend to someone their not to earn the trust of the person they want to steal information from. To counter this, WhatsApp has created a verification system to make sure no one’s information is stolen. At the end of the day though, the verification system can be breached.

Ultimately, what the new end to end encryption does it put the power within the user’s hands and not the companies. Be careful who you talk to because if you aren’t then you are setting yourself for failure. WhatsApp knew this system would be an improvement from its old system because hacking the company would not give up customer information like it would in the past.

The only thing they would be able to get would be consumer data. However, malware stealing consumer data doesn’t hurt the consumer but the WhatsApp company itself.

How to Enable WhatsApp End to End Encryption

whatsapp securityThere is great news. The feature is already available by default in WhatsApp. User don’t have to do anything to receive the end-to-end encryption. This is only true if both you and your friends have the latest version of the app download on your device.

All chats between individuals are already end to end encrypted. Some other apps, only have the end to end encryption feature on if the user adjusts the settings. WhatsApp has the feature on at all times. Users will not have the option to be able to switch on and off with end to end encryption. This saves the users from themselves.

If they were allowed to adjust the settings in this way, there information could be more likely to be stolen from hackers. Users must be on the same versions of WhatsApp to make sure their chats are end to end encrypted.

If one person doesn’t have the app update, then messages received or sent are unsecure. If you have already updated the app, when you start a chat with someone else, you will see a message that says, “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.”

What if my Friends don’t have the Update?

Before any user can update to the new software, there will be some terms and agreements you have to read. But let’s be honest here, no one reads the terms and agreements. To make the transition as smooth as possible, WhatsApp will notify users when said user’s chats become end to end encrypted.

The system is already in place so users will see a notification on their conversation screen as their individual and group chat messages become end to end encrypted. Additionally, the encryption can be clearly seen on the chat message screen.

Once a user see’s that his or her contacts as being fully end to end capable, WhatsApp will not permit transmitting plaintext or unencrypted messages to that contact, even if said contact were to uninstall updates to a version of the software that isn’t end to end encryption capable.

WhatsApp prevents the company server or hacker from being able to perform a downgrade attack. Eventually all the non-end to end encrypted user’s account’s will expire and new versions of the Whatsapp software will no longer transmit or accept plaintext messages at all.

Verification

According to status quo, WhatsApp users verify the authenticity of their encrypted session with other users. Like some other apps, verification can be confirmed by either scanning a QR code or by reading words or phrases aloud.

WhatsApp updated the Signal Protocol to be compatible with a numeric fingerprint format, which WhatsApp then calls security codes. Signal Protocol is the software name fro the program that runs end to end encryption.

Signal Protocol allows users to call other signal protocol users on IOS and android. It also prevents malware attack against end to end encryption in general. Signal Protocol creates a numeric fingerprint format. A completely numeric fingerprint format has a several large advantages. They’re easy to localize.

Localization makes it easier for the company to bounce messages around the server. WhatsApp has a billion active users across the globe, so a numeric system must be set in place to arrange all these messages being sent around the globe.

Using a single numeric programming language wouldn’t be the best plan because Whatsapp is global. All the programing languages within WhatsApp can be localized to ensure the data is sent efficiently. Also this app’s users can choose a preference which notifies them every time the security code for a contact changes.

For more information about all the minor details about all these settings. You would have to read the updated terms and conditions.

Trusting the User

At the end of the day, WhatsApp can use all this cool technology to make their systems less hackable but user can also make a difference. The last step you can that ensures that you are communicating with the person that you want to communicate with requires that you meet that person face-to-face.

No hacker can copy face to face interaction.

One of the many settings that you change is the setting that notifies you if your friend changes device. This is important because if someone steals the sim card from your friend’s phone and puts it into a new phone, they could impersonate your friend.

If you are notified that your friend changed devices. You can be a little bit more cautious with how you accept people into your chats. Enabling this setting can help determine if you are communicating with an imposter. Follow these tips that you can use to help adjust your settings.

Go to the “Settings” icon at the bottom right on the WhatsApp screen and open up the account settings area and turn on “Show security Notifications.”Also give WhatsApp permission to use your camera. You may have already done this when you installed the app but if you haven’t then you should.

Open a conversation with your friend and select the name on the top of the chat. You will see the information about the encryption and can tell if your friend’s info has changed.

Conclusion

WhatsApp has over a billion active users across the plane and are now using end to end encryption to make their technology better is going. During years the come to innovation for this company won’t stop.

As time goes on Whatsapp can and will develop new and better way to both process and send data that is more secure. Hackers will eventually find a way to easily hack the new system but no before better security tactics are advanced. The overall goal is to increase privacy and security. If users don’t feel like they are secure, then there is no point in using the app at all.

I would recommend that they add another security update in the future. Whatsapp should implement a password on Android and Iphone users to better boost security. If someone steals your phone or the phone of a friend, then they will have access to your conversations and contacts.

If Whatsapp creates a password service, then the app would become even more secure than it already is. Hopefully, users can get this update in the future but for now I am happy with Whatsapp progress.





You Might Also Like