Communications on WhatsApp are now fully end-to-end encrypted, the company announced today, completing an integration that has lasted for nearly a year and a half. The company began rolling out encrypting text messages in November 2014, as part of a partnership with Open Whisper Systems, but those protections now extend to voice calls, video, and multi-party chat rooms, for users on both iOS and Android.
Deploying universal encryption allows for a number of new protections. Once communications with a user are encrypted, the WhatsApp client will now notify the user and refuse to send any unencrypted messages, addressing previous concerns that the system might be vulnerable to a downgrade attack.
It's still hard to say for sure that WhatsApp is entirely immune to warrant requests. New attacks and vulnerabilities are common in the security world, and governments have been known to purchase and stockpile such attacks for law enforcement purposes. WhatsApp's system still manages messages centrally, coordinates key exchanges, and has significant control over the code that runs on both servers and phones, so any attacker with WhatsApp's cooperation would be well-placed to execute any newly devised attacks. Still, such an attack would likely require extraordinary cooperation from WhatsApp, akin to the measures demanded in Apple's San Bernardino case, measures that would be vigorously resisted in courts and elsewhere.
The result is strong security for WhatsApp users, and potentially a template that could be applied to other services going forward. Open Whisper's protocol is open source, and the group has pledged to help other messenger services employ the same protections going forward. "Over a billion monthly active users across the world are now using the Signal Protocol for end to end encryption," Open Whisper wrote in its blog post announcing the change. "Over the next year, we will continue to work with additional messengers to amplify the impact and scope of private communication even further."
Deploying universal encryption allows for a number of new protections. Once communications with a user are encrypted, the WhatsApp client will now notify the user and refuse to send any unencrypted messages, addressing previous concerns that the system might be vulnerable to a downgrade attack.
It's still hard to say for sure that WhatsApp is entirely immune to warrant requests. New attacks and vulnerabilities are common in the security world, and governments have been known to purchase and stockpile such attacks for law enforcement purposes. WhatsApp's system still manages messages centrally, coordinates key exchanges, and has significant control over the code that runs on both servers and phones, so any attacker with WhatsApp's cooperation would be well-placed to execute any newly devised attacks. Still, such an attack would likely require extraordinary cooperation from WhatsApp, akin to the measures demanded in Apple's San Bernardino case, measures that would be vigorously resisted in courts and elsewhere.
The result is strong security for WhatsApp users, and potentially a template that could be applied to other services going forward. Open Whisper's protocol is open source, and the group has pledged to help other messenger services employ the same protections going forward. "Over a billion monthly active users across the world are now using the Signal Protocol for end to end encryption," Open Whisper wrote in its blog post announcing the change. "Over the next year, we will continue to work with additional messengers to amplify the impact and scope of private communication even further."
No comments:
Post a Comment