Encrypt correctly! Why messengers won't protect the privacy of your correspondence. How encryption works in WhatsApp

Messages you send to this chat and your calls are now protected by encryption. This way WhatsApp and third parties do not have access to them. Many WhatsApp users have seen this window recently, including me.

What does this mean for us? Now communication via WhatsApp, thanks to end-to-end encryption, has become more secure for users.

How does WhatsApp encryption work?

WhatsApp uses end-to-end encryption, i.e. no one, including employees of the company itself, will be able to read any content in chats, either between two users or in group conversations. Everything is encrypted, including sent messages, photos, videos and voice messages. In addition, encryption is also enabled for voice calls.

The first popular messenger to introduce encryption was Pavel Durov’s product, Telegram. Its concept initially included secure communication. According to Durov, he was struck by the revelations of former US NSA employee Edward Snowden, who reported the total surveillance of the US government over its citizens, as well as citizens and leadership of other states.

How to enable message encryption in WhatsApp

You don't need to do anything special to enable encryption. It's already enabled by default for all users of this messenger (and WhatsApp has about a billion of them). It is enough to update your version to the most current one. If one of the participants in a group conversation or chat does not have the latest version, encryption will be disabled.

You can find out whether your interlocutor has the latest version of WhatsApp by looking at his information.

When you see the image of a closed padlock, you can be sure that encryption is enabled for this contact. If the lock is open, it means the contact has not yet updated to the latest version.

Is it possible to “hack” encrypted WhatsApp messages?

No one has yet proven otherwise.

It should be noted that “hacking” here means interception of WhatsApp traffic by third parties: for example, intelligence agencies, your Internet provider, or an attacker in a cafe where you are using an open Wi-Fi access point.

The method of reading other people's correspondence that I described uses social engineering, so it is still relevant. When your device falls into the wrong hands, even the strongest encryption algorithm will not help. To protect yourself from this, set a password on your smartphone or on the launch of a specific application.

After the Snowden story, most sympathizing paranoids began to focus on the topic of encrypting data transmitted over the Internet with renewed vigor. Serious guys had already encrypted everything they needed before, so this topic passed them by. However, as it turned out, simple encryption is not enough. It is necessary to provide so-called end-to-end encryption.

Everyone’s favorite instant messengers turned out to be especially vulnerable: messages were either not encrypted at all, or were encrypted in the way that I will now describe. There is one encryption key, which is controlled by the messenger developer. Your message is encrypted using this key and sent to the messenger server, decrypted there, recorded in the history, encrypted again, sent to your interlocutor and decrypted there. This encryption scheme is not end-to-end and only protects against attackers between you and the messenger server. For example, if you are sitting somewhere in a cafe on free Wi-Fi, then intercepting your traffic is useless because it is encrypted and the attackers do not know the decryption key. The main disadvantage of this scheme is that your entire message history is available to intelligence agencies at almost any time upon request. In the civilized world, you are of no interest to the intelligence services: they have enough work to do without you. And in a not very civilized world, intelligence services can abuse their position, for example, help “their own” find out what they need about you.

End-to-end encryption is designed to solve this problem. In this case, only you and your interlocutor know the encryption key. Your message is encrypted with this key and sent to the messenger server, where it cannot be decrypted because the server does not know your key. The message passes through to your interlocutor unchanged and is decrypted by him. The disadvantage of the scheme is that the message history is stored only locally in the application. When you reinstall the application, the history is lost.

A couple of years ago, only Signal and maybe Wire had end-to-end encryption. All other messengers (Viber, Skype, WhatsApp, iMessage) were more or less unsafe. Of course, it was impossible to lag behind the trend. First, end-to-end encryption appeared in Viber, and then in WhatsApp. Telegram has also been added to these two.

Skype belongs to Microsoft, which, in turn, never refuses the intelligence services, and nothing additional was introduced there. The picture is somewhat better with iMessage, which belongs to Apple.

The Electronic Frontier Foundation (EFF) has compiled and periodically updates a messenger security rating. So, for example, WhatsApp and Telegram can be considered conditionally safe among the popular messengers.

The caveat is that popular instant messengers are commercial products with closed source code, which means no one can check for the presence or absence of deliberately provided loopholes. Therefore, if you expect a good level of security here, you need to blindly trust the developers of these messengers. As it turned out recently, that trust was in vain.

The developers of the Facebook-owned WhatsApp messenger, who insisted that it was impossible for unauthorized persons to read user correspondence, actually provided a loophole that allows them to intercept any messages. According to independent cryptography expert Tobias Boelter from the University of California at Berkeley, this possibility is provided by WhatsApp's own implementation of the encryption protocol.

WhatsApp's encryption system is based on generating unique security keys. The authenticity of the keys is verified on the users' side, which ensures that messages cannot be intercepted by third parties. However, the messenger developers have provided a backdoor that makes it possible to forcibly generate a new key, re-encrypt the message and send it again. Thanks to this re-encryption and relay mechanism, Boelter said, WhatsApp can intercept and read messages without the recipient or sender knowing. According to Boelter, he notified Facebook about the backdoor in the spring of 2016, but company representatives said that this was not a mistake but intended behavior.

A perfect example of how all this end-to-end encryption is nothing more than a fashionable trend.

If you need encryption in action and not in words, you need to use non-commercial open source messengers. For example, Signal or Pidgin. Yes, they are not as convenient as Viber or WhatsApp, and the interface is a little awkward and crooked. But it's safe.

Many of you have noticed that after the WhatsApp update, a notification about encryption protection appeared in some chats:

Messages you send to this chat and calls are now protected by encryption. To learn more.

We invite you to consider this topic in more detail. The messenger has enabled encryption of calls, messages, photos, videos and any other information by default for all its users, i.e. your entire personal life will now be inaccessible to eavesdropping or hacking by hackers, authorities, and even employees of WhatsApp itself.

How to enable WhatsApp encryption on iPhone

Encryption is already enabled by default for all users and does not require separate activation, but if you want to check whether all your messages in a certain chat are encrypted, do the following:

How to activate WhatsApp encryption on Android

Encryption is enabled by default, but to be sure, do the following:

If in a chat you see the message “The messages you send to this chat are not encrypted,” then most likely the person you are talking to has an old version of the application and needs to install the latest update.

How data is encrypted in 6 popular messaging applications. And is it worth believing?

On the emergence of instant messengers and the issue of privacy

In the old days, the main means of communication on the Internet was email (just remember the epic correspondence between Linus Torvalds and Andrew Tanenbaum; and it’s not that someone hacked the mail of one of them: Linus himself published the correspondence in his book “Just for Fun”). No one thought much about any encryption.

But this did not prevent individuals from encrypting/decrypting letters on a local computer, while knowing the shared key. But it was not widespread, few people were interested in it. There were times.

In the first half of the 90s, chat rooms became very popular as a means of communication. It should be noted that their popularity was high even until the middle of the first decade of the 21st century. I’m sure all readers of the resource know, and some may remember the chats, so I won’t dwell on them.

ICQ

ICQ appeared in 1996. It was developed by the Israeli company Mirabilis. It was not the first or the only instant messaging system, but its advantages made it the most popular: for example, at that time IM application developers monetized their applications by selling them, while ICQ was free. At that time there was no talk of encryption.

The proprietary OSCAR protocol was used for data transfer. Two years later, Mirabilis was purchased by the American company AOL and, together with the messenger, belonged to it until 2010. In that year, the rights to ICQ were sold to Mail.Ru Group.

After the advent of ICQ, competing instant messaging systems began to appear like mushrooms after rain. During the life of ICQ, a large number of both official modifications and unofficial clients have appeared, examples of which are QIP, Miranda and many others. Among the competing programs seeking to supplant ICQ, MSN Messenger from Microsoft was released in 1999.

The latter sought to become a replacement for the ICQ client using its protocol, but it did not work out; AOL stopped the attempts by changing the protocol.

There was no question of any encryption in the official ICQ messenger at that time, since the terms of use stipulated the possibility of using any data transmitted between interlocutors by a third party (AOL) for any purpose. At the same time, alternative clients could implement this opportunity.

It was the twentieth century.

About the need for data encryption

Initially, the need for encryption arose not in order to protect one’s secrets from the “big brother”, but to protect against hackers, interception and modification of data. Users not only send: “Hi, how are you?” along with photographs of cats, but sometimes very valuable and secret information: scans of personal documents, plane tickets, source codes and/or distributions of new programs/games/applications and a lot of other confidential information.

And users would not want someone to be able to easily intercept and read their data (I especially feel sorry for the source codes).

But the vast majority of users were still in infantile ignorance, thinking “nobody needs my data” and assuming that they were safe. But then, like a bolt from the blue (in 2013), Edward Snowden appeared and ratted everyone out. In short, he said that the intelligence services monitor every message, every phone call, every purchase in an online store.

Users who previously felt protected found themselves in the palm of a “big brother” who is able to look into any intimate affairs. From here the race for encryption began, or rather continued with redoubled zeal.

About encryption

The vast majority of information security specialists recognize end-to-end encryption as the most durable method of protecting information. Therefore, IM system developers implement it in their products. Some have already implemented it, others are on their way to it. But over time, everyone will have it, even industry giants who themselves are not averse to getting into user data.

With end-to-end encryption, the keys used to encrypt and decrypt information are generated and stored only at the end nodes of the correspondence, that is, on the participants' devices. The server side does not take any part in creating the keys and, therefore, does not have access to them, as a result of which it sees only encrypted data transmitted between participants. Only the participants can decrypt and read the information.

How does end-to-end encryption work? When a communication session begins, 2 keys are generated on each interlocutor’s device: public and private. The latter is used to decrypt data; this key does not leave the local device.

The public key is transmitted over an open communication channel to the interlocutor (one or all, if there are several of them). Using a public key, the interlocutor can only encrypt data, and only the owner of the corresponding private key can decrypt it. Therefore, it does not matter who intercepts the public key: all the interceptor can do with it is send his own encrypted data.

Having generated a pair of keys, the interlocutors exchange public keys, after which secure communication begins.

Text, video, audio, files, after being encrypted by the sender, go to the server where they are stored until the recipient is able to receive the data. After this, depending on the strategy of the company that owns the server, the data is either destroyed or stored for another period.

As we can see, end-to-end encryption is good. For modern ICT tools, encryption/decryption is not an impossible task, not even a difficult one. At the same time, if several interlocutors are involved in a conversation, then a message must be encrypted for each of them when it is sent; therefore, as the number of interlocutors increases, the load on the device increases accordingly. To deal with this, developers are optimizing the means for organizing group conversations.

The idea of end-to-end encryption is not new. In 1991, Phil Zimmermann developed PGP (Pretty Good Privacy) software to encrypt messages and other data. In subsequent years, the algorithm and corresponding software were improved and acquired additional mechanisms.
In 1997, PGP Inc. proposed the OpenPGP initiative, and in 1999, members of the free software movement created a free implementation of PGP, GnuPG, based on an open standard.

This is all to say that, since no break of PGP has yet been detected, encryption mechanisms can be built on the open implementation of PGP (the source code is available), which is most likely what messenger developers are doing, rather than writing from scratch.

Encryption in IM tools

In the 21st century, even more messengers have appeared; we will pay attention only to the most popular ones - those that have withstood the competition.

But first, about ICQ. As mentioned above, in this application data is transmitted via OSCAR (text messages). In 2008, it became open, but is still not free. The openness of the protocol made it possible for independent researchers to conduct audits, which is an important point in overall confidence in the security of network applications. Many alternative clients, including Miranda and QIP, have supported PGP-based encryption for quite some time.

However, only in the spring of this year ICQ, in addition to text, received end-to-end encryption on two fronts: audio and video. As we know, this type of encryption allows us to avoid reading data by a third party (Mail.ru), but at the same time we remember: the terms of use stipulated the possibility of using any transmitted data.

Skype. Most used

It was created in 2003 by the Luxembourg company Skype Limited (mainly by Estonian programmers). It is still a very popular messenger, obviously due to inertia. In 2011, Skype Limited was acquired by Microsoft. Previously, Microsoft had wanted to buy ICQ, but it didn’t work out; it didn’t miss the second chance with another messenger. Skype has ports for all common devices and operating systems.

At first, Skype used the original proprietary protocol, which all the intelligence services complained about because they could not break it. But after Microsoft’s purchase, the previous protocol was declared obsolete and replaced by MSNP version 24. The protocol is secure against external attacks because the AES-256 encryption algorithm is used. At the same time, if an interlocutor is participating in a conversation from a regular landline or mobile phone, then his data is not encrypted.

However, Microsoft makes concessions to the intelligence services by providing the requested data. Therefore, although the data is transferred between conversation participants in encrypted form, it can be unpacked and read on the server.

After 2003, no one, by and large, dealt with instant messengers for several years: it was not profitable, and Skype brought losses almost every year.

WhatsApp. The most popular mobile messenger

This continued until 2009, when WhatsApp appeared. At first, and for a very long time (until the beginning of this year), the application was paid. In addition, there was no encryption. For data transfer, the open and free XMPP protocol, based on XML, is used; it involves the transfer of not only text messages, but also audio, video, binary / text files.

Work on the security of the messenger began in 2012 with the encryption of text messages. But only in the spring of this year, end-to-end encryption was introduced not only for text, but also for voice and video messages. Accordingly, after this the server side lost the ability to read user information.

Due to its wild popularity, WhatsApp was acquired by Facebook in 2014. Why did the payment plan change?

Viber. The most popular messenger in Russia

Then, in 2010, Viber appeared - an IM and VoIP telephony tool. But only in the spring of this year, the transmission of any data became encrypted. Of course, the developers have implemented end-to-end encryption.

iMessage. Complete safety is in question

Developed in 2011. The first stage of encryption appears to be strong: the message is encrypted with a combination of a 1280-bit RSA public key and the 128-bit AES algorithm. The signature is based on the ECDSA algorithm (Elliptic Curve Digital Signature Algorithm). The interlocutors exchange keys to set up encryption. At first glance, everything is cool.

According to the developers, the latest versions of the messenger use end-to-end encryption; however, whether company employees are really unable to read messages is in question. As mentioned in the “About Encryption” section: when sent, data is stored in encrypted form on the server of the company that owns this server.

At first glance, the situation is standard, but the user’s private key, which remains on the device, has a connection with the user’s password. The latter, in turn, is available from Apple. How else can passwords be recovered if the device is lost? This makes it possible to recover the key and decrypt messages.

Telegram. Legendary MTProto encryption

Appeared in 2013, thanks to the tandem of the Durov brothers. One of the latter tirelessly spreads information about the super safety of his brainchild. Therefore, a lot of debate has been raised regarding the security of Telegram. Absolute safety is a highly controversial issue.

Before data is sent over a transport protocol (HTTP, TCP, UDP), it is encrypted by the MTProto protocol, a joint development of the brothers. It consists of three independent components: a high-level component, a cryptographic layer, and a delivery component. The first defines the method by which API requests and responses are converted into binary code.

The second one defines the method that encrypts messages before sending, and the last one defines how messages are transmitted (transport protocol type). During packet preparation, an external header is added to the top of the message; it is a 64-bit key identifier that uniquely identifies the user and server authorization keys.

Together they represent a 256-bit key and an initialization vector of the same bit length. The latter is used to encrypt the message using the AES-256 algorithm. The encrypted message includes: session, message ID, message sequence number, server salt. This data, in turn, influences the message key.

This way the message is encrypted. Telegram has the option to use end-to-end encryption or allow the server to see the data. The second mode serves to avoid attracting unnecessary attention from the intelligence services; it is enabled by default.

The first, protected mode is called secret chat (Secret room) and works according to all the laws of end-to-end encryption. The user can enable this mode at will.

However, in both cases, messages are stored on the server for a certain time. In the first case, they cannot be read, but in the second, they can be read. The duration of this time is controlled by the user.

Results

Today, in terms of security, the whole variety of modern instant messengers can be divided into two categories: instant messengers that implement full end-to-end encryption, and messaging systems that only try to resemble the first category: although they encrypt the data being sent, on the server this data can be easily read.


End-to-end encryption (E2EE) is considered a panacea for persistent attempts by hackers and law enforcement agencies to access online communications. The meaning of E2EE often comes down to the fact that the keys are stored only on the devices of the interlocutors and do not go to the server... but this is not entirely true. Let's see how things really stand with E2EE, using the example of popular instant messengers.

Encryption in messengers

I was prompted to write this article by the study “Obstacles to the Adoption of Secure Communication Tools” (PDF). As its authors found, “the vast majority of survey participants do not understand the basic concept of end-to-end encryption.” Simply put, people usually choose a messenger with their heart, not their brain.

Let's start with the fact that E2EE has its own characteristics in each messenger. In Signal it is almost exemplary. WhatsApp is formally the same as Signal, with the exception of one very important point: changing the primary key of a WhatsApp subscriber does not block sending messages to him. At most, you can enable a useless notification (which is disabled in the default settings). In Viber, end-to-end encryption is inactive by default, and it only appeared in the sixth version. In Telegram, E2EE is also used only in secret chats, and they are implemented rather strangely.
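The difference described here, and in the earlier account of WhatsApp re-encrypting a waiting message to a newly generated key, comes down to what the sending client does when the server presents a different key for a known contact. The sketch below is an added example, not code from WhatsApp or Signal; the `Sender` class, its flags and the sample keys are hypothetical and model only the policy decision, with no real encryption.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(identity_key: bytes) -> str:
    """Short fingerprint that two users could compare out of band."""
    return hashlib.sha256(identity_key).hexdigest()[:16]


@dataclass
class Sender:
    """Hypothetical sending client that pins each contact's key on first use."""
    block_on_key_change: bool
    notify_on_key_change: bool = False
    pinned: dict = field(default_factory=dict)    # contact -> trusted fingerprint
    pending: list = field(default_factory=list)   # (contact, text) not yet delivered
    notices: list = field(default_factory=list)   # warnings shown to the user

    def queue(self, contact: str, text: str) -> None:
        self.pending.append((contact, text))

    def verify(self, contact: str, identity_key: bytes) -> None:
        """The user compared fingerprints out of band and accepts this key."""
        self.pinned[contact] = fingerprint(identity_key)

    def flush(self, contact: str, key_from_server: bytes) -> list:
        """The server reports `contact` reachable under `key_from_server`.
        Returns [(fingerprint_encrypted_to, text)] for messages that left the device."""
        fp = fingerprint(key_from_server)
        known = self.pinned.get(contact)
        if known is None:
            self.pinned[contact] = fp              # trust on first use
        elif known != fp:
            if self.block_on_key_change:
                self.notices.append(f"{contact}: key changed to {fp}, sending blocked")
                return []                          # nothing leaves until verify()
            if self.notify_on_key_change:
                self.notices.append(f"{contact}: key changed to {fp}")
            self.pinned[contact] = fp              # new key accepted without the user
        sent = [(fp, text) for c, text in self.pending if c == contact]
        self.pending = [(c, t) for c, t in self.pending if c != contact]
        return sent


def run_scenario(block: bool, notify: bool = False):
    """Constructed scenario: Bob's key is replaced while a message is waiting."""
    bob_key, replaced_key = b"bob-identity-key-v1", b"replacement-key-from-server"
    alice = Sender(block_on_key_change=block, notify_on_key_change=notify)
    alice.queue("bob", "hello")
    first = alice.flush("bob", bob_key)            # pins Bob's original key
    alice.queue("bob", "meet at noon")             # Bob is offline, message waits
    second = alice.flush("bob", replaced_key)      # server presents a different key
    return alice, first, second, fingerprint(bob_key), fingerprint(replaced_key)
```

With `block=False` and the notification off, the waiting message is encrypted to the replacement key and the user sees nothing; with `block=True` it stays in `pending` until `verify()` is called.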

The conflict between Roskomnadzor and Telegram generally created excellent advertising for the latter. Ordinary users now consider Durov’s creation a real thorn in the back of the intelligence services (or a little lower than it), which cannot do anything with a bulletproof innovative service. Fans of Telegram compare it with Signal and claim the superiority of the first.

However, there are no miracles in cryptography, and especially in applied cryptography. Many mathematically beautiful ideas turn out to be hopelessly spoiled by implementation, when convenience and controllability are put above security and privacy (and this happens almost always).

Initially, messengers used the OTR (Off-the-Record) protocol. It uses AES symmetric encryption in CTR mode, the DH key exchange protocol and the SHA-1 hash function. The AES-CTR scheme provides so-called “deniable” (in a good way) encryption and the ability to deny the authorship of the text if it is intercepted. You can always argue that the interceptor of the traffic himself changed the ciphertext so that it corresponds to another decryption option of the same length. For example, instead of “go buy bread” it turned out to be “poison the queen” - this is technically possible, and this property is specially built into the algorithm.
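The counter-mode property described above can be checked directly: a ciphertext can be turned into the encryption of any other text of the same length without the key, which is why a bare ciphertext proves nothing about who wrote it, and why a separate MAC is needed to detect changes in transit. This is an added example, not OTR code; SHA-256 stands in for the AES block function so that only the standard library is needed, and the keys, nonce and messages are constructed.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream. SHA-256 replaces AES here (assumption of this
    example); the XOR structure is the same as in AES-CTR."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: in counter mode both are the same XOR."""
    return xor(data, keystream(key, nonce, len(data)))


def rewrite_ciphertext(ciphertext: bytes, assumed: bytes, wanted: bytes) -> bytes:
    """Key-less change: flip exactly the bits in which the two texts differ."""
    if not (len(ciphertext) == len(assumed) == len(wanted)):
        raise ValueError("counter mode only allows a rewrite of the same length")
    return xor(ciphertext, xor(assumed, wanted))


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt, then authenticate nonce and ciphertext with HMAC-SHA256."""
    ct = ctr_crypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None if the ciphertext was changed."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return ctr_crypt(enc_key, nonce, ct)


def demo() -> dict:
    # Constructed sample values; both messages are 16 bytes long.
    enc_key, mac_key, nonce = b"k" * 32, b"m" * 32, b"nonce-01"
    original, other = b"go buy bread now", b"poison the queen"
    ct, tag = seal(enc_key, mac_key, nonce, original)
    altered = rewrite_ciphertext(ct, original, other)
    return {
        "without_mac": ctr_crypt(enc_key, nonce, altered),             # decrypts cleanly
        "with_mac": open_sealed(enc_key, mac_key, nonce, altered, tag),  # rejected
        "untouched": open_sealed(enc_key, mac_key, nonce, ct, tag),
    }
```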

The OTR protocol authenticates interlocutors and encrypts correspondence between them. It is secure as long as the participants in the conversation regularly check each other's public key fingerprints and resist attacks from other vectors (including social engineering).

The main disadvantage of OTR is that after sending a new key you need to wait for confirmation from the interlocutor. If he is offline, then communication will be temporarily impossible. One solution was the Double Ratchet (DR) algorithm, developed five years ago by Trevor Perrin and Moxie Marlinspike at Open Whisper Systems. Today, DR is used in Signal, WhatsApp, Viber and many other instant messengers that support end-to-end encryption by default or as a separate option (secret chats).



End-to-end encryption

The E2EE scheme uses a combination of public and private key cryptographic systems. It is obvious in general terms and quite complex at the level of detail. It uses a lot of interconnected keys, some of which necessarily end up on the server and, moreover, are necessarily loaded onto it before the start of correspondence, so that it can be started at any moment. Let's take a closer look at it.

You probably know the beginning of the scheme, since it is standard for all asymmetric encryption systems - a pair of keys is generated. This is necessary because single-key cryptosystems (like AES) are too difficult to use in correspondence in their pure form. They would have to somehow organize a secure channel for transferring the key (for example, meet in person), and then do it again every time it is changed.

Everything is just like in the usual PGP: there are two interlocutors (Alice and Bob), each of whom generates their own pair of keys. They then exchange public keys, keeping their paired secret keys secret. Public keys are transmitted over an open channel (that’s why they are public, let them be intercepted for good measure) and serve two purposes: they allow you to encrypt a message and verify its signature. Accordingly, secret keys are used for decryption and signature generation.

INFO

The term "message" is used here in a broad sense. A message can be text, a media file, or service metadata that the messenger exchanges with the server. Some of this data contains timestamps, client application state, and new keys.

Unfortunately, the pure asymmetric encryption scheme is also not suitable for instant messengers, since these services are focused on intensive online correspondence in the form of a chain of short messages. They must be displayed in a strictly defined order, and the interlocutor can be offline at any time and disrupt the structure of the dialogue.

Moreover, encrypting many short messages with one key is a bad idea. In just one day of correspondence, hundreds (if not thousands) of them are created. In many messages, the amount of ciphertext is minimal and predictable (smiley, sticker). They also have standard headers that make cryptanalysis easier.

The peculiarity of correspondence in instant messengers is that, due to typical metadata, an attacker can intercept a large volume of predictable ciphertext in a short time. The lion's share of it will correspond to the known plaintext. If it is encrypted with one key, then in the event of a successful attack, all previously written messages and even those that the interlocutors will write in the future will be compromised.

To prevent this from happening, messengers provide such properties as forward and reverse secrecy. They imply the inability to read messages sent previously and written in the future, having only the current encryption key in hand. For this, multilayer encryption is used with the transition from asymmetric to symmetric cryptography and additional keys with different lifetimes.
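The symmetric part of such a scheme can be shown with a key chain in which every message gets its own short-lived key and each used key is deleted. This is an added example, not code from any messenger: the class names, `MAX_SKIP` and the HMAC constants are assumptions of the sketch, and the key-exchange step that protects future messages after a compromise is left out. It also handles messages that arrive out of order, as they do when an interlocutor was offline.

```python
import hashlib
import hmac

MAX_SKIP = 100   # assumed limit on how many skipped message keys are kept


def kdf_step(chain_key: bytes):
    """One ratchet step: returns (next_chain_key, message_key). HMAC is one-way,
    so neither output reveals the chain key that produced it."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key


class SendingChain:
    def __init__(self, chain_key: bytes):
        self.chain_key, self.n = chain_key, 0

    def next_key(self):
        """Return (message_number, message_key); the old chain key is overwritten."""
        self.chain_key, message_key = kdf_step(self.chain_key)
        number, self.n = self.n, self.n + 1
        return number, message_key


class ReceivingChain:
    def __init__(self, chain_key: bytes):
        self.chain_key, self.n = chain_key, 0
        self.skipped = {}   # message number -> key for messages still in transit

    def key_for(self, number: int):
        """Key for message `number`, usable once; None if it was already used."""
        if number in self.skipped:
            return self.skipped.pop(number)
        if number < self.n:
            return None                       # used earlier and deleted
        if number - self.n > MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < number:                # keep keys for the gap
            self.chain_key, message_key = kdf_step(self.chain_key)
            self.skipped[self.n] = message_key
            self.n += 1
        self.chain_key, message_key = kdf_step(self.chain_key)
        self.n += 1
        return message_key


def demo():
    # Constructed stand-in for the secret both sides obtain from the key exchange.
    root = hashlib.sha256(b"constructed shared secret").digest()
    sender, receiver = SendingChain(root), ReceivingChain(root)
    sent = dict(sender.next_key() for _ in range(5))        # keys for messages 0..4
    arrival_order = [3, 0, 4]                               # 1 and 2 are still in transit
    received = {n: receiver.key_for(n) for n in arrival_order}
    return sent, received, receiver
```

After `demo()`, the receiver holds keys only for the undelivered messages 1 and 2; the keys for 0, 3 and 4 no longer exist on the device and cannot be recomputed from the current chain key.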