The best secure mobile messaging apps 2017
This week, WikiLeaks released information documenting over 8,000 CIA spying files in its 'Vault 7' collection. Reports surrounding this claimed that the CIA was able to easily bypass WhatsApp's (and Signal's) security systems and read user messages. In addition, WikiLeaks also said that the CIA uses malware and hacking tools to remotely hack smartphones and turn TVs into recording devices.
Essentially, this shows that anyone can hack into a phone once they have access to it. It also highlights the fact that currently encryption doesn't measure up to the hacking abilities of the CIA, and if anyone thought downloading an app would prevent intelligence agencies from accessing their phone's data, then they are entirely wrong.
In February 2017 WhatsApp incrementally introduced two-factor authentication to all of its users as an optional added layer of security.
Two-factor authentication essentially means verifying your identity twice – and in this case users will choose to access their account through a six-digit number. WhatsApp users will need to enable the feature through their settings and once switched on, the passcode will remain on the associated account, no matter which device it's being accessed through.
The feature first appeared in beta late last year, and the app will require users to enter the passcode about once every week. Users will be able to set up a backup email in case they forget the passcode.
It's unlikely to inspire enormous confidence in WhatsApp as a secure platform, but it is a small nod towards security for personal use.
Earlier this year, a Guardian report claimed that a security vulnerability in WhatsApp meant Facebook – WhatsApp’s parent company – could read encrypted messages sent through the service. Security researcher Tobias Boelter told the paper that WhatsApp is able to create new encryption keys for offline users, unknown to the sender or recipient, meaning that the company could generate new keys if it’s ordered to.
And although Facebook insists that it couldn’t read your WhatsApp messages even if it wanted to, critics have been suspicious since the buy – since Facebook’s entire platform depends on data and advertising, and its own Messenger service is infamously intrusive.
In terms of security, it’s important to distinguish pure secure messaging apps from apps that happen to have some security, for instance the hugely popular WhatsApp and SnapChat. Many use encryption but operate using insecure channels in which the keys are stored centrally and hide behind proprietary technologies that mask software weaknesses.
As it happens, earlier in 2015 Facebook’s WhatsApp started using the TextSecure platform (now called Signal – see below) from the Open Whisper Systems which improves security by using true end-to-end encryption with perfect forward secrecy (PFS). This means the keys used to scramble communication can’t be captured through a server and no single key gives access to past messages. It was presumably this sort of innovation that so upset British Prime Minister David Cameron when in early 2015 he started making thinly-veiled references to the difficulty security services were having in getting round the message encryption being used by intelligence targets.
In April 2016, the Signal protocol was rolled out as a mandatory upgrade to all WhatsApp users across all mobile platforms, an important moment for a technology that has spent years on the fringes. At a stroke it also made Open Whisper Systems the most widely used encryption platform on earth, albeit one largely used transparently without the user realising it.
It's fair to say that police and intelligence services are now worried about the improved security on offer from these apps, which risks making them favoured software for terrorists and criminals. That said, they are not impregnable. Using competent encryption secures the communication channel but does not necessarily secure the device itself. There are other ways to sniff communications than breaking encryption.
Most recent apps will, in addition to messaging, usually any combination of video, voice, IM, file exchange, and sometimes (though with a lot more difficulty because mobile networks work differently) SMS and MMS messaging. An interesting theme is the way that apps in this feature often share underlying open source technologies although this doesn’t mean that the apps are identical to one another. The user interface and additional security features will still vary.
For further background, the Electronic Frontier Foundation (EFF) published a comparison in 2014 of the of the sometimes confusing levels of security on offer from the growing population of apps on the market. All mobile messaging apps claim to use good security but this is a useful reminder that definitions of what ‘secure’ actually means are starting to change.
While understandably alarming, this information has been challenged by some, claiming that the WikiLeaks report is misleading. "The CIA has some exploits for Android/iPhone. If they can get on your phone, then of course they can record audio and screenshots," stated Robert Graham from Errata Security. "Technically, this bypasses/defeats encryption - but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening," he added.
Kanjoos Tech
WhatsApp?
WhatsApp is one of the most popular messaging apps out there, and while it might not be the most secure, it can offer a good level of protection even among times of controversy.This week, WikiLeaks released information documenting over 8,000 CIA spying files in its 'Vault 7' collection. Reports surrounding this claimed that the CIA was able to easily bypass WhatsApp's (and Signal's) security systems and read user messages. In addition, WikiLeaks also said that the CIA uses malware and hacking tools to remotely hack smartphones and turn TVs into recording devices.
Essentially, this shows that anyone can hack into a phone once they have access to it. It also highlights the fact that currently encryption doesn't measure up to the hacking abilities of the CIA, and if anyone thought downloading an app would prevent intelligence agencies from accessing their phone's data, then they are entirely wrong.
In February 2017 WhatsApp incrementally introduced two-factor authentication to all of its users as an optional added layer of security.
Two-factor authentication essentially means verifying your identity twice – and in this case users will choose to access their account through a six-digit number. WhatsApp users will need to enable the feature through their settings and once switched on, the passcode will remain on the associated account, no matter which device it's being accessed through.
The feature first appeared in beta late last year, and the app will require users to enter the passcode about once every week. Users will be able to set up a backup email in case they forget the passcode.
It's unlikely to inspire enormous confidence in WhatsApp as a secure platform, but it is a small nod towards security for personal use.
Earlier this year, a Guardian report claimed that a security vulnerability in WhatsApp meant Facebook – WhatsApp’s parent company – could read encrypted messages sent through the service. Security researcher Tobias Boelter told the paper that WhatsApp is able to create new encryption keys for offline users, unknown to the sender or recipient, meaning that the company could generate new keys if it’s ordered to.
And although Facebook insists that it couldn’t read your WhatsApp messages even if it wanted to, critics have been suspicious since the buy – since Facebook’s entire platform depends on data and advertising, and its own Messenger service is infamously intrusive.
In terms of security, it’s important to distinguish pure secure messaging apps from apps that happen to have some security, for instance the hugely popular WhatsApp and SnapChat. Many use encryption but operate using insecure channels in which the keys are stored centrally and hide behind proprietary technologies that mask software weaknesses.
As it happens, earlier in 2015 Facebook’s WhatsApp started using the TextSecure platform (now called Signal – see below) from the Open Whisper Systems which improves security by using true end-to-end encryption with perfect forward secrecy (PFS). This means the keys used to scramble communication can’t be captured through a server and no single key gives access to past messages. It was presumably this sort of innovation that so upset British Prime Minister David Cameron when in early 2015 he started making thinly-veiled references to the difficulty security services were having in getting round the message encryption being used by intelligence targets.
In April 2016, the Signal protocol was rolled out as a mandatory upgrade to all WhatsApp users across all mobile platforms, an important moment for a technology that has spent years on the fringes. At a stroke it also made Open Whisper Systems the most widely used encryption platform on earth, albeit one largely used transparently without the user realising it.
It's fair to say that police and intelligence services are now worried about the improved security on offer from these apps, which risks making them favoured software for terrorists and criminals. That said, they are not impregnable. Using competent encryption secures the communication channel but does not necessarily secure the device itself. There are other ways to sniff communications than breaking encryption.
Most recent apps will, in addition to messaging, usually any combination of video, voice, IM, file exchange, and sometimes (though with a lot more difficulty because mobile networks work differently) SMS and MMS messaging. An interesting theme is the way that apps in this feature often share underlying open source technologies although this doesn’t mean that the apps are identical to one another. The user interface and additional security features will still vary.
For further background, the Electronic Frontier Foundation (EFF) published a comparison in 2014 of the of the sometimes confusing levels of security on offer from the growing population of apps on the market. All mobile messaging apps claim to use good security but this is a useful reminder that definitions of what ‘secure’ actually means are starting to change.
While understandably alarming, this information has been challenged by some, claiming that the WikiLeaks report is misleading. "The CIA has some exploits for Android/iPhone. If they can get on your phone, then of course they can record audio and screenshots," stated Robert Graham from Errata Security. "Technically, this bypasses/defeats encryption - but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening," he added.
Kanjoos Tech
Easily Boost Your ClickBank Commissions And Traffic
ReplyDeleteBannerizer made it easy for you to promote ClickBank products using banners, simply visit Bannerizer, and get the banner codes for your picked ClickBank products or use the Universal ClickBank Banner Rotator to promote all of the available ClickBank products.