Two Tips to Keep Your Phone’s Encrypted Messages Encrypted
Autor: Andy G
Author: Andy Greenberg.Andy Greenberg Security
WIRED | 2016-04-26
End-to-end encryption by default is quickly becoming the new standard
for any communications app that claims to care about the privacy of
those who use it. But not all encryption is created equal. And default
doesn’t always mean default.
In just the month of April, both WhatsApp and Viber switched on that
layer of protection from surveillance, which is designed to make it
technically impossible for anyone to read the services’ messages other
than the people in conversation: not eavesdropping hackers, not law
enforcement, and not even the companies themselves. For the two
companies’ massive userbases—more than 700 million phones run Viber, and
more than a billion run WhatsApp—that switch seems to represent the
start of a new era where strong encryption is no longer a privilege for
geeks and paranoids, but an effortless mainstream tool.
But that effortlessness hasn’t arrived quite yet. In fact, despite the
two companies touting their encryption as ready out-of-the-box, you
actually need to flip a few subtle switches of your own to activate that
level of security. From tweaking the apps’ settings to checking your
backup configurations, there are a few quick steps you can take to make
those apps’ end-to-end encryption significantly more secure. “Security
is not magic, and using WhatsApp will not magically protect anyone from
surveillance,” says Filippo Valsorda, a cryptographic engineer for
Cloudflare who’s analyzed both WhatsApp and Viber’s crypto setups. “There
are still things you need to be aware of to make sure you don’t
undermine these apps’ end-to-end security…A lot of information is
missing that the public needs to know.”
Tip 1: Enable Fingerprint Verification
In WhatsApp’s case, Valsorda points out there’s a nagging problem of
authentication: For encryption to guarantee that only an intended
recipient can decrypt a message, that recipient needs to prove they’re who
they say they are. WhatsApp and other end-to-end encrypted messaging
tools let communicators check each others’ “key fingerprints”—an
abbreviated version of a unique key that WhatsApp stores on the phone to
prove a person’s identity.
But in its default state, WhatsApp doesn’t alert a sender when the key
fingerprint of a recipient has changed. A new fingerprint could merely
mean that the recipient has started using a new phone or deleted and
reinstalled the app. Or it could mean something more troubling: that a
“man-in-the-middle”—such as a law enforcement agency with a wiretap
order forcing WhatsApp’s cooperation—has inserted himself, and is
intercepting and decrypting every message before passing it on to the
intended recipient.
Luckily, WhatsApp offers a “security notifications” feature—not on by
default—that automatically remembers all of your contacts’ fingerprints
for you and alerts you if a fingerprint changes. To turn it on, flip the
switch on the Security page under Accounts in the app’s settings.”Without
that setting on, the fingerprint can change at any time, and the phone
will say sure, I’ll use this new key,” says Valsorda.
“But if that setting is on, an attacker can’t decide at some point that
you’re an interesting person and start intercepting from then on,
because a warning will appear.”
Viber handles that key fingerprint verification with a different process
that requires its own sort of manual verification. As the company
explains in its security FAQ, a contact is only considered “verified”
after you’ve called them through Viber’s voice-calling feature, both
verified that you’re talking to the person you think you’re talking to,
and then tapped a lock icon during the call. From then on, that person’s
messages will appear in green. If that color changes to red, it’s an
automatic warning that their key fingerprint has changed. But until the
person is verified, their fingerprint is considered unverified and can
change without any such alert.
Tip 2: Disable Cloud Backups
Beyond key fingerprints, anyone who backs up their data may face an even
more glaring issue: those backups often aren’t encrypted—or at least not
using an encryption system for which only you control the key. Both
Whatsapp and Viber messages, for all their fancy end-to-end encryption,
have that protection stripped away when they’re backed up to Apple’s
iCloud servers or Google Drive. And that leaves your messages open to
all the usual risks of exposure to hackers, to Apple or Google
themselves, or to any government that can force those companies to turn
over the data. “If you have an app that backs up to iCloud, that’s for
the purpose of restoring that content to another device…End-to-end [encryption]
suggests no other device can read those messages,” says iOS forensics
consultant Jonathan Zdziarski. “To me, those two terms are mutually
exclusive.”
On the iPhone, those backups can be easily turned off for specific apps
under the Backup Options menu in settings. For iPhone owners using
WhatsApp, which actually backs itself up two ways, you need to take an
extra step: disable backups within the app itself under “Chat Backup” in
the Chats menu in settings. Android owners can avoid the problem by not
setting up Google Drive backups from WhatsApp in the first place. And
the same advice holds for third-party cloud backups like Dropbox. If you
want to keep your messages fully end-to-end encrypted, never sync
WhatsApp or Viber with a cloud backup program.
The downside, of course, is that turning off backups means that messages
can’t be recovered if your phone is destroyed or lost. With true
end-to-end encryption, that’s almost considered a feature. Cryptographer
Matthew Green has written about what he calls the Mud Puddle Test: If
you drop your phone in a mud puddle, then slip in that puddle and crack
your head, forgetting all your passwords, can you still recover your
data? If you can—say, by using Apple’s password recovery feature to
access an iCloud backup—the data wasn’t truly encrypted in the first
place. The encrypted messaging app Signal, recommended by Edward Snowden
and widely considered the most secure option for encrypted messaging,
passes that test. If a phone running Signal is dropped in a mud puddle
and destroyed, the messages are simply gone.
Not everyone is willing to risk losing their messages in exchange for
the security of true end-to-end encryption. But that’s the tradeoff that
fully secured end-to-end encryption requires. And those seeking privacy
should know as much, rather than be lulled into a false sense of
security by companies’ promises of of protection that don’t include
caveats and edge-cases. “Chances are you’re making a compromise by
backing up to the cloud,” says Zdziarski. “That has its place, and it’s
useful. But the user needs to be aware that by doing that they’re
probably exposing their data.”
https://www.wired.com/2016/04/tips-for-encrypted-messages/