The Update We’ve All Been Waiting For: Full Encryption for All WhatsApp Chats


[Image: yellow encryption bubble]

If you are an avid WhatsApp user, you have probably already seen this little yellow bubble in one of your chat conversations. Otherwise, you may have heard the news from a friend or colleague. After all, WhatsApp is the most popular messaging application as of February 2016, with a user base of one billion active user accounts.

Previously, perhaps WhatsApp’s only shortcoming was its lack of more secure messaging, which was evident in the strong growth of other privacy-centric communication apps such as Telegram, which filled a void WhatsApp missed. With its latest upgrade to end-to-end encrypted messages, however, WhatsApp has an advantage over some other encrypted apps: its encryption is switched on by default. Users do not need to actively select the encryption option (as with Telegram’s ‘secret chats’); once they have an encrypted conversation with someone over WhatsApp, it will never fall back to non-encrypted mode.

Just last Tuesday, 5th April 2016, WhatsApp was excited to announce in a blog post from its founders Jan Koum and Brian Acton that end-to-end encryption had been introduced to their highly-downloaded app across all types of devices.

The blog reads:

“WhatsApp has always prioritized making your data and communication as secure as possible. And today, we’re proud to announce that we’ve completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.

The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation.”


What is end-to-end encryption anyway?

End-to-end encryption (E2EE) is a method of secure communication that prevents third parties from accessing data while it is transferred from one end system or device to another. This means that the data is encrypted on the sender’s system or device and only the recipient is able to decrypt it. Nobody in between, whether they are an Internet service provider, application service provider or hacker, can read it or tamper with it because no third parties can decipher the data being communicated or stored. If implemented with trusted algorithms, end-to-end encryption can provide the highest level of data protection.


WhatsApp’s encryption initiatives

In fact, WhatsApp had already been taking steps towards encryption for a few years now. Initially, the popular messaging service owned by Facebook began applying encryption to messages sent on Android in 2014. However, this was limited to standard messages and did not apply to group messages, photos or video messages. Only now has the company enhanced its security by offering full end-to-end encryption across more mobile platforms: iPhone, Android, Windows Phone, Nokia S40, Nokia S60, Blackberry and BB10. Additionally, the latest WhatsApp upgrade ensures that encryption now spans all messaging formats, be it group messages between two or 20 people, direct calls, texts, photos and videos, or files.

This latest security upgrade by WhatsApp comes after Apple was asked by the US government in February to create a special version of its operating system in order to break into an iPhone belonging to one of the San Bernardino mass shooters. Apple had rejected the order, which fired up a massive debate over the increasing use of encryption and how it affects law enforcement investigations.

WhatsApp co-founder Jan Koum was one of the first prominent tech leaders to come forth publicly to stand by Apple’s side of the encryption battle in its refusal to help the FBI create a backdoor into the iPhone. When the WhatsApp founders, Koum and Acton, released news of the latest encryption update on their blog, they reiterated the importance of encryption in a climate where companies like Apple are taking on government agencies.


Security on WhatsApp

The founders of WhatsApp began their serious quest for encryption on their communication app when they teamed up with a high-minded coder and cryptographer who goes by the pseudonym Moxie Marlinspike. Marlinspike, who was once a key member of Twitter’s security team, contacted them in 2014. The highly-regarded cryptographer runs an open source software project, Open Whisper Systems, a San Francisco group that developed its software with private funding and government grants, including a State Department program that encouraged encryption as a defense against repressive regimes. Open Whisper Systems provides encryption for messaging services and is the group behind the app Signal, which also provides encrypted text messaging and voice calls. It is this technology that is now incorporated into WhatsApp across all its mobile platforms.

[Image: WhatsApp encryption. Source: Wired]

Now, not only are WhatsApp’s users benefiting from encryption on their messages, but that encryption is also considered strong. In a technical white paper released by WhatsApp on April 4th, the company goes into detail about the underlying cryptographic exchange that occurs when messages are sent between users.

It describes how WhatsApp utilizes the double ratchet cryptographic protocol, a key management algorithm developed by Marlinspike himself. Double ratcheting provides forward secrecy, even if session keys are compromised. This means that each conversation uses a new key, so even if a hacker stole the key, they could not decrypt earlier conversations, as these would still be protected. Users can even verify the security of their conversations by comparing their ‘security codes’.
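As an added illustration (not code from WhatsApp, Open Whisper Systems or this post), the sketch below shows the symmetric-key half of a double ratchet: each message key comes from a one-way HMAC-SHA256 step, so a chain key stolen later cannot be wound back to earlier keys. The names `kdf_step`, `Chain` and `demo`, the constructed shared secret, and the omission of the Diffie-Hellman ratchet and of AES encryption are assumptions of this example.

```python
import hashlib
import hmac

def kdf_step(chain_key):
    """One ratchet step: return (message_key, next_chain_key)."""
    # Distinct constant inputs make the two outputs independent.
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key

class Chain:
    """Hypothetical sending/receiving chain that keeps only the current key."""
    def __init__(self, chain_key):
        self._chain_key = chain_key

    def next_message_key(self):
        # The old chain key is overwritten, so it cannot be read back later.
        message_key, self._chain_key = kdf_step(self._chain_key)
        return message_key

    def snapshot(self):
        """State an attacker would obtain by compromising the device now."""
        return self._chain_key

def demo():
    # Constructed shared secret; a real session gets it from a key agreement.
    shared = hashlib.sha256(b"constructed shared secret").digest()
    alice, bob = Chain(shared), Chain(shared)
    sent = [alice.next_message_key() for _ in range(3)]
    received = [bob.next_message_key() for _ in range(3)]
    stolen = alice.snapshot()  # device compromised after message 3
    later = [alice.next_message_key() for _ in range(2)]
    # Everything derivable from the stolen state by running the chain forward.
    attacker = Chain(stolen)
    derivable = {attacker.next_message_key() for _ in range(100)}
    return {
        "in_sync": sent == received,
        "earlier_exposed": any(k in derivable for k in sent),
        "later_exposed": all(k in derivable for k in later),
    }

if __name__ == "__main__":
    print(demo())
```

`later_exposed` comes out true because the hash ratchet alone protects only the past; the second, Diffie-Hellman ratchet is what replaces the chain key with fresh secret material.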

Moreover, WhatsApp uses public key encryption. As an example: to send a message to User B, User A asks a WhatsApp server for a public key that applies to User B. User A then uses the public key to encrypt the message. User B’s private key (only available on User B’s phone) decrypts the message. On top of that, all communication (whether with a single contact or in a group) is protected by 256-bit encryption using the highly dependable AES256 algorithm, which is accepted by the US and Canadian governments as a standard for encrypting data in transit and data at rest.

If your WhatsApp program has yet to automatically download the upgrade, you can install the latest encrypted version of WhatsApp here: iOS, Android or Windows Phone.


