WhatsApp: the most secure instant messaging service… Finally.

Image courtesy of Luis at Flickr.com

Some of you may have noticed a sign pop up in your WhatsApp messages recently stating that your messages are now secured with end-to-end encryption. They had been working on this integration for the past year and a half and finally last week it went live making it the most secure instant messaging service out there. It ties into a huge debate occurring right now about encryption, which has been even more controversial since the FBI sued Apple for not aiding them in entering the phone of a San Bernardino shooter. So, what does the integration mean for WhatsApp and the rest of the encryption debate.

What users are now experiencing is a strong security system designed by Open Whisper Systems. Some have even speculated that this same encryption will be spread to other messaging services in the hopes to offer users maximum safety.

What is encryption?

In today’s technological world most of our communication is handled via email, social media or messaging services, which leads to a scary thought, can people eavesdrop and take a peek at your private either personal or corporate messages. Even though encryption has been around for a very long time, it has now become relevant as a means to protect your information in this digital age. Encryption is the best way out there to secure your data. Once a file is encrypted it can only be opened and read if you have access to the key or password that will allow you to decrypt it. If it is encrypted it is referred to as a ciphertext, whereas if it’s unencrypted it is known as plain text.

What’s been the news on encryption lately?

It was all over the news for weeks as Apple fought against the FBI in an effort to defend their constitutional rights, and even though the case was dropped because the government was able to unlock the San Bernardino shooter’s phone without Apple’s assistance, the debate is definitely not over. Just today they are appearing before the congressional committee once again to continue to debate on encryption. You can even tune in to the live hearing on April 19 at 10am ET. In the middle of all of this heated debate WhatsApp decides to go and introduce new measures to protect even more the content on our digital conversations.

Image courtesy of The Wild Blogger at Flickr.com

Why did WhatsApp make this move?

WhatsApp, a Facebook-owned instant messaging service, faced an embarrassing public moment when they in May 2011 it was discovered that they had a security flaw. This flaw gave way to the possibility of user’s accounts being hijacked and this way gaining access to all of their incoming messages and traffic. Although they release a new app this was not a solution to the problem, since everything was still sent in plaintext. The image of having one of the most important and used instant messaging apps coined as having poor security was in definite need of attention. Despite rising popularity of the app the problem persisted in 2012 with a hacker posting information of another major hack that allowed them to change any user’s status. In response, they launched later that year a cryptographic method replacing the plain text, which ended up being broken. This brought on even more criticism. In late 2013 a university student identified yet another flaw demonstrating that they decryption method was weak since it used the same encryption key on both sides of the conversation. So basically this meant if someone with basic technical knowledge on decryption wanted to take the time to try to decrypt your messages, they still could. Finally, in 2014 WhatsApp was found to have a two out of four on the Electronic Frontier Foundation’s secure messaging scorecard. It lost points due to all of the issues it has had over the years with encryption, not having a way to identify the user and not having a well-documented security design.

In November 2014, the new owner of WhatsApp decided to take cards in the matter and made a partnership with Open Whisper Systems who planned on using TextSecure to enable this end-to-end encryption. TextSecure is a service that uses a cryptographic key that will make it unique in each device this way being the best way to protect its users.

Now

Image courtesy of El Taller del bit at Flickr.com

After launching this new encryption, especially during the debate on encryption occurring in the United States between private communication companies and the government, WhatsApp did comment saying: "While we recognize the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people's information to abuse from cyber criminals, hackers, and rogue states,"

On the FBI’s side there has been no comment on the WhatsApp new system, but they have said this in general about their position on encryption: "We must ensure both the fundamental right of people to engage in private communications as well as the protection of the public. ...We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet, or a laptop -- evidence that may be the difference between an offender being convicted or acquitted. If we cannot access this evidence, it will have ongoing, significant impacts on our ability to identify, stop, and prosecute these offenders."