WhatsApp fixes its biggest encryption vulnerability


Rarely, if any, The service has done more to provide safe messages to more people WeChat. Since 2016, the messaging platform has Enable end-to-end encryption-by default, The same applies to its billions of users. No complaints there.But if you back up your WhatsApp messages to iCloud or Google Cloud, these chats will no longer have that degree of protection. This is the lesson of the former Trump campaign chairman Paul Manafort and others experienced hard learning.

Clearly, this does not mean that WhatsApp’s encryption is somehow problematic, or that anyone is monitoring your messages. (Unless they have a subpoena.) This is a loophole, WhatsApp’s ability to rely on other people’s clouds to store your stuff. Now, thanks to some clever cryptography, this Facebook-owned company has developed a way to approach it.

In the next few weeks, WhatsApp will roll out an update that adds End-to-end encryption Backup, if you choose this way. Facebook CEO Mark Zuckerberg announced the feature on Facebook postal This morning. For a long-standing problem, this is a complex solution and sets a precedent for companies that do not want to rely on world security so extensively. Few dominant cloud providers.

WhatsApp product manager Calvin Pappas said: “We have been working on solving this problem for many years. In order to solve this problem, we must develop a new framework for key storage and cloud storage, which can be used in the world’s largest operating system.”

To better understand the solution, it helps to clarify the problem. WhatsApp encrypts the messages between the sender and the recipient; the service staff cannot see them at any time during the journey, nor can they see them after they arrive. (The exception here is that if you report a message as abusive, the WhatsApp contractor may review it. This will not break or even break its end-to-end encryption; once someone receives the message, they can show it to Anyone they want. Encryption is not magic!) So far so good. If you back up your messages to iCloud or Google Cloud without end-to-end encryption, the potential trouble begins, which in turn means that Apple or Google can hand them over to law enforcement when they knock on the door.

“Many companies’ services run on different companies’ clouds, and the security of the cloud is not under their control,” said Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory. She said that it’s not that Apple, Google, or any other cloud provider is necessarily insecure. However, the phrase “the cloud is just someone else’s computer” and its foretelling responsibilities apply whether you are an individual uploading a few photos from your mobile phone or a company with billions of privacy-conscious users.

WhatsApp has not given up on Google Cloud or iCloud. But it will let you encrypt the backup before it first enters these clouds. Think of it as passing secret information to a courier. If you write it in plain English and they are arrested, you are going to toast. But if you write it with code that they don’t know how to decipher, all you give up are a bunch of wavy lines and dots.

Provided by WhatsApp



Source link

Recommended For You

About the Author: News Center