NEW DELHI :If we blame end-to-end encryption of WhatsApp for the Israeli spyware Pegasus that affected 1,400 select users of the Facebook-owned messaging app globally, including 121 in India, we will be barking up the wrong tree, say experts.
WhatsApp provides end-to-end encryption by default, which means only the sender and recipient can view the messages. But the piece of NSO Group software exploited WhatsApp's video calling system by installing the spyware via missed calls to snoop on the selected users.
This raised questions about the utility of encryption, which also prohibits security agencies from tracing the origin of messages. Traceability of WhatsApp messages is a key demand that India has put forward.
But security experts have warned that blaming end-to-end encryption for the spyware would not be right.
"WhatsApp as well as other leading instant messaging apps have recently adopted an end-to-end encryption. The encryption process itself is solid, messages that leave your device are encrypted and they stay that way until they reach their final destination," Yaniv Balmas, Head of Cyber Research, Check Point Software Technologies, told IANS.
"However, on your device, as well as on the receiving device the messages are decrypted so you can read them. A malicious application running on your device can inspect them, change or delete them just as well as you could. So the issue here is not in the applications or in their encryption protocol, but in the environment they are installed in," Balmas said.
According to leading tech policy and media consultant Prasanto K. Roy, end-to-end encrypted apps (E2EE) do provide security, and messages or calls cannot be intercepted and decrypted en route without enormous computing resources.
"But once anyone can get to your handset, whether a human or a piece of software, the encryption doesn't matter any more. Because on your handset, it's all decrypted," he explained.
"There's plain text on your screen, and plain audio or video in your camera. The right kind of spyware in your handset can read those messages or even listen in on your phone's mic to what someone is saying in the room, or see what's happening around, with the camera.
"If that happens then all apps are affected, not just WhatsApp. The spyware doesn't care about the app -- it just reads the screen. So, the recent incident has not changed the fact that E2EE apps/platforms are secure. Or the fact that spyware on your handset (which has many vectors: this time it was WhatsApp, but it is usually SMS or email) can compromise your entire handset and all its apps," Roy said.
In his memoir "Permanent Record", whistleblower Edward Snowden wrote that the Internet is currently more secure now than it was in 2013, especially given the sudden global recognition of the need for encrypted tools and apps.
Snowden, who served as an officer of the Central Intelligence Agency (CIA) and worked as a contractor for the National Security Agency (NSA), rocked the world in 2013 after he revealed that the US was secretly building a way to collect the data of every person in the world, including phone calls, text messages and email.
"Perhaps the most important private sector change occurred when businesses throughout the world set about switching their website platforms, replacing http (Hypertext Transfer Protocol) with the encrypted https (the S signifies security), which helps prevent third party interception of Web traffic," Snowden wrote.
"The encryption is solid and the algorithms behave as expected, however risks are still there, especially ones that originate from the surrounding operating system, which cannot be controlled or expected by any of the instant messaging software providers," he said.
This story has been published from a wire agency feed without modifications to the text. Only the headline has been changed.
Go here to read the rest:
Is encryption to blame for WhatsApp snooping? - Livemint
- Encryption Software Market 2019 Size, CAGR Status, Key Players, Growth Analysis and Forecast to 2026 - The Market Publicist - December 2nd, 2019
- Global Encryption Software Market Industry Analysis and Forecast (2018-2026) - Daily Research Stack - December 2nd, 2019
- Fortinet took 18 months to strip software of flawed crypto cipher and keys - The Daily Swig - December 1st, 2019
- Mobile Encryption Market Competitive Research And Precise Outlook 2019 To 2025 - The Market Publicist - December 1st, 2019
- NordPass: Get rid of password stress. Forever. - EE Journal - December 1st, 2019
- Apple patents anti-snooping technology that would stop police from tracking locations and messages - Stock Daily Dish - December 1st, 2019
- Encryption Software Market Research Report by Geographical Analysis and Forecast 2017-2027 - Kentucky Reports - November 28th, 2019
- Encryption Key Management Software Market : Industry Research, Growth Trends And Opportunities For The Forecast Period 2019-2029 - News Description - November 28th, 2019
- iStorage cloudAshur is named: Security Innovation of the Year at the UK IT Industry Awards 2019 - ResponseSource - November 28th, 2019
- Database Encryption Market Analysis Report by Product Type, Industry Application and Future Technology 2025 (International Business Machines... - November 28th, 2019
- The IT Guide to Enforcing Full Disk Encryption Windows Edition - Security Boulevard - November 28th, 2019
- Why The FBI's Former Top Lawyer Now Embraces Encryption - Law360 - November 28th, 2019
- Big Boom in Cloud Encryption Market over 2019-2026 with CipherCloud Inc., Hytrust Inc., Gemalto NV, IBM Corporation and more - Market Expert - November 28th, 2019
- Encrypted Flash Drives Market Size, Growth, Global Industry Analysis, Share, Segments and Forecast 2019-2024 - Space Market Research - November 28th, 2019
- Encryption Software Market 2019 Global Industry Status, Segment by Region, Type and Future Forecast To 2026 - Financial News - November 28th, 2019
- FBI worried about criminals having unfettered access to encryption technology - KTVI Fox 2 St. Louis - November 23rd, 2019
- What Is End-to-End Encryption? Another Bulls-Eye on Big Tech - The New York Times - November 23rd, 2019
- Think of the children: FBI sought Interpol statement against end-to-end crypto - Ars Technica - November 23rd, 2019
- Security Expert Comments On NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks - ISBuzz News - November 23rd, 2019
- Global Hardware-based Full Disk Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report... - November 23rd, 2019
- Moniker makes a statement with The Encryption EP - The Untz - November 23rd, 2019
- Global Mobile Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report 2019-2024 - BeetleVersion - November 23rd, 2019
- NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks - BleepingComputer - November 23rd, 2019
- Encryption Key Management Software Market Research Report: Market Analysis on the Future Growth Prospects and Market Trends Adopted by the... - November 23rd, 2019
- Microsoft Windows 10 To Natively Support DNS Over HTTPS Encryption And Obfuscation Technique Making Internet Traffic Monitoring Near Impossible -... - November 23rd, 2019
- Import EFS File Encryption Certificate and Key (PFX file) in Windows 10 - TWCN Tech News - November 23rd, 2019
- What Is Homomorphic Encryption? And Why Is It So Transformative? - Forbes - November 19th, 2019
- FBI Recruits Interpol to Condemn End-to-End Encryption - WebProNews - November 19th, 2019
- BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups in the field - Security Boulevard - November 19th, 2019
- Astonishing Growth in Global encryption software market size was valued at USD 2.98 billion in 2018. It is projected to post a CAGR of 16.8% from 2019... - November 19th, 2019
- Encryption Software Market Overview, Latest Analysis and Future Forecast 2019 2025 - Markets Gazette 24 - November 19th, 2019
- With end-to-end encryption, we wouldn't be able to listen in even if we wanted to, says Facebook's Stan Chudnovsky - Mumbrella Asia - November 19th, 2019
- Microsoft Jumps on the DoH Train Company to Introduce Encrypted DNS - Computer Business Review - November 19th, 2019
- Global Mobile Encryption Technology Market 2018 Manufacturers, Types and Application, Analysis History and Forecast 2025 - Galus Australis - November 19th, 2019
- Hardware Encryption Market Growth Forecast Analysis by Top Manufacturers, Regions, Product Types and Application (2019 - 2026) - News Obtain - November 19th, 2019
- The Best Encryption Software for 2019 | PCMag.com - October 21st, 2019
- What is data encryption? - October 19th, 2019
- USB Enforced Encryption - Endpoint Protector - October 19th, 2019
- Authenticated encryption - Crypto++ Wiki - October 19th, 2019
- Tinder's Lack of Encryption Lets Strangers Spy on Your ... - October 19th, 2019
- 'Without Encryption, We Will Lose All Privacy': Snowden ... - October 18th, 2019
- Security pros reiterate warning against encryption backdoors - October 18th, 2019
- Encryption - servicepro.wiki - October 18th, 2019
- Mozy Encryption - October 18th, 2019
- Optical Encryption Market Size, Share, Trends and Forecast ... - October 18th, 2019
- MySQL Enterprise Transparent Data Encryption (TDE) - October 18th, 2019
- What is Encryption? - Definition from WhatIs.com - October 17th, 2019
- How to Set Up BitLocker Encryption on Windows - October 2nd, 2019
- Encryption: What It Is, and How It Works for You | Tom's Guide - October 2nd, 2019
- Security Encryption Systems | HowStuffWorks - October 2nd, 2019
- What is The Difference Between Hashing and Encrypting - October 2nd, 2019
- How Encryption Works | HowStuffWorks - September 5th, 2019
- encryption - How secure is AES-256? - Cryptography Stack ... - June 2nd, 2019
- The World's Email Encryption Software Relies on One Guy, Who ... - May 5th, 2019
- Encryption breakthrough could keep prying eyes away from your ... - May 5th, 2019
- What Is Data Encryption? Definition, Best Practices & More ... - May 1st, 2019
- IronClad Encryption Partners with Data443 Risk Mitigation ... - April 30th, 2019
- What Is Encryption? An Overview of Modern Encryption ... - April 30th, 2019
- Symmetric vs. Asymmetric Encryption What are differences? - April 29th, 2019
- Difference Between Hashing and Encryption - ssl2buy.com - April 29th, 2019
- What is Advanced Encryption Standard (AES)? - Definition ... - April 29th, 2019
- How to Encrypt Your Wireless Network - Lifewire - April 29th, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 ... - April 22nd, 2019
- Email encryption - Wikipedia - April 8th, 2019
- What is Encryption, and Why Are People Afraid of It? - April 8th, 2019
- Data encryption | cryptology | Britannica.com - April 8th, 2019
- How to Enable Full-Disk Encryption on Windows 10 - April 1st, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 Race - March 27th, 2019
- Does Encryption Really Help ISIS? Heres What You Need to ... - March 27th, 2019
- AES and RSA Encryption Explained - March 27th, 2019
- Encryption: What it is and why its important - Norton - March 23rd, 2019
- Authenticated encryption - Wikipedia - March 19th, 2019
- Email Encryption Options for MDaemon Email Server - March 14th, 2019
- How to Encrypt Files on Windows - Tutorial - Toms Guide - March 6th, 2019
- Encryption, Key Management - bank information security - March 5th, 2019
- Which Types of Encryption are Most Secure? - February 7th, 2019
- JSON Object Signing and Encryption (JOSE) - February 4th, 2019
- What Is Encryption, and How Does It Work? - January 26th, 2019
- The Pitfalls of Facebook Merging Messenger, Instagram, and ... - January 26th, 2019
- Encryption: Avoiding the Pitfalls That Can Lead to Breaches - January 14th, 2019