Never miss a story

Get subscribed to our newsletter


×
Encryption on whatsapp being blamed for snooping. Pixabay

If we blame end-to-end encryption of WhatsApp for the Israeli spyware Pegasus that affected 1,400 select users of the Facebook-owned messaging app globally, including 121 in India, we will be barking up the wrong tree, say experts.

WhatsApp provides end-to-end encryption by default, which means only the sender and recipient can view the messages. But the piece of NSO Group software exploited WhatsApp’s video calling system by installing the spyware via missed calls to snoop on the selected users.


This raised questions about the utility of encryption, which also prohibits security agencies from tracing the origin of messages. Traceability of WhatsApp messages is a key demand that India has put forward.

But security experts have warned that blaming end-to-end encryption for the spyware would not be right.

“WhatsApp as well as other leading instant messaging apps have recently adopted an end-to-end encryption. The encryption process itself is solid, messages that leave your device are encrypted and they stay that way until they reach their final destination,” Yaniv Balmas, Head of Cyber Research, Check Point Software Technologies, told IANS.

“However, on your device, as well as on the receiving device the messages are decrypted so you can read them. A malicious application running on your device can inspect them, change or delete them just as well as you could. So the issue here is not in the applications or in their encryption protocol, but in the environment they are installed in,” Balmas said.

According to leading tech policy and media consultant Prasanto K. Roy, end-to-end encrypted apps (E2EE) do provide security, and messages or calls cannot be intercepted and decrypted en route without enormous computing resources.

“But once anyone can get to your handset, whether a human or a piece of software, the encryption doesn’t matter any more. Because on your handset, it’s all decrypted,” he explained.


Security experts have warned that blaming Whatsapp for the spyware would not be right. Pixabay

“There’s plain text on your screen, and plain audio or video in your camera. The right kind of spyware in your handset can read those messages or even listen in on your phone’s mic to what someone is saying in the room, or see what’s happening around, with the camera.

“If that happens then all apps are affected, not just WhatsApp. The spyware doesn’t care about the app — it just reads the screen. So, the recent incident has not changed the fact that E2EE apps/platforms are secure. Or the fact that spyware on your handset (which has many vectors: this time it was WhatsApp, but it is usually SMS or email) can compromise your entire handset and all its apps,” Roy said.

In his memoir “Permanent Record”, whistleblower Edward Snowden wrote that the Internet is currently more secure now than it was in 2013, especially given the sudden global recognition of the need for encrypted tools and apps.

Snowden, who served as an officer of the Central Intelligence Agency (CIA) and worked as a contractor for the National Security Agency (NSA), rocked the world in 2013 after he revealed that the US was secretly building a way to collect the data of every person in the world, including phone calls, text messages and email.

“Perhaps the most important private sector change occurred when businesses throughout the world set about switching their website platforms, replacing http (Hypertext Transfer Protocol) with the encrypted https (the S signifies security), which helps prevent third party interception of Web traffic,” Snowden wrote.

Also Read- Photos-only Mode On Facebook’s Mobile App Under Testing

Balmas agreed the move to embrace encryption by chat applications marked a “good progress” in terms of user security and privacy.

“The encryption is solid and the algorithms behave as expected, however risks are still there, especially ones that originate from the surrounding operating system, which cannot be controlled or expected by any of the instant messaging software providers,” he said. (IANS)


Popular

qz.com

China is cracking down on cryptocurrency

A cryptocurrency is a digital/virtual currency, that is secured by cryptography (study of hiding information). There are over 6,500 cryptocurrencies in existence as of September 2021. The value of cryptocurrency is growing at a quick rate and analysts and experts are still expecting a sharp rise in the value of Bitcoin, the oldest, and most valuable cryptocurrency in the world. however, china doesn't seem to be on board with the idea of digital coins in its economy as it has banned dealing and trading in these digital tokens.

China has taken several decisions to curb the rise of cryptocurrency in its market since 2013 by putting in place increasingly stricter rules on virtual currencies. But on September 17th, China's central People's Bank of China (PBOC) announced that all activities from transactions made in cryptocurrency to crypto mining are deemed illegal including offering trading of digital assets, order matching, token issuance and derivatives. Anyone who's found guilty of being involved with cryptocurrencies and working for overseas platforms from within China will be severely punished. Chinese Government directed the banks to not provide any products or services such as trading, clearing and settlement for cryptocurrency transactions.

Keep Reading Show less
DRDO Twitter

"Akash Prime" was successfully tested by the DRDO by the ITR in Odisha's Chandipur

A new version of the Akash missile- "Akash Prime" was successfully tested by the Defence Research and Development Organisation (DRDO) at the Integrated Test Range in Odisha's Chandipur on Monday at around 4:30 pm. The missile intercepted and tore apart a high-speed unmanned aerial target mimicking enemy aircraft, in its first flight test after all the enhancements.

Akash Prime is equipped with an indigenous active Radio Frequency seeker to accurately locate the enemy aircraft. The upgrade includes an improved, Launcher, Multi-Function Radar and Command, Control and Communication system. The test was carried out amidst bad weather conditions and yet Akash Prime successfully detonated the threat proving the all-weather capability of the weapon system. The improvements also established that the new missile has comparatively more reliable performance under a low-temperature environment at higher altitudes

Keep Reading Show less
Photo by Kelly Sikkema on Unsplash

According to research, virtual learning has been proven to enhance retention of information and take up less time

"Education is the most powerful weapon which you can use to change the world."
-N
elson Mandela


Schools all across the world have been closed as a result of the COVID-19 outbreak. Over 1.2 billion children are out of school across the globe. (Reported by UNICEF). Because of this, education has changed immensely, with the introduction of e-learning, in which tutoring is provided remotely and using various digital platforms. According to research, virtual learning has been proven to enhance retention of information and take up less time, indicating that the changes produced by the coronavirus may be here to stay in the future.

Keep reading... Show less