Analogue phone calls weren’t encrypted, and they could be eavesdropped, but they really were end-to-end communications.
The sound went from your mouthpiece, down a long and possibly very convoluted electrical circuit, right into the earpiece of the recipient.
If the recipient wasn’t there, the call couldn’t be saved for later – it simply didn’t happen.
When you add encryption to a circuit-switched call of that sort, as analogue phone scramblers did, the easiest way to do it is also end-to-end.
Your telephone instrument scrambles the voice signal as soon as it leaves the mouthpiece, and the instrument at the other end unscrambles it just before feeding it into the earpiece.
If the scrambling is any good, there’s nothing an eavesdropper can do to listen in, or to make sense of the call along the way, because the voice signal exists as unrecognisable noise all the way along the wire.
But internet communications such as emails and instant messages (IMs) hardly ever work like that.
After all, you probably have some sort of firewall, either in your router or on your computer, that deliberately blocks incoming internet connections, not least to reduce the chance of hackers finding a way in to a private device such as a webcam or a file server.
It’s not really end-to-end at all
When I send a email or an IM to you, it isn’t really end-to-end at all, and (in the strictest sense) it probably isn’t really sent to you.
Loosely speaking, I connect to a server and upload the message, where it sits around until you connect to the server and download it.
That may happen as good as instantaneously, but my computer never actually has a network connection open that transmits data packets directly from my network card to yours.
And when I say “a server,” I may very well mean “a service consisting of a vast collection of global server farms, in dozens of countries, that can deal reliably and redundantly with billions of messages a day from hundreds of millions of users, but which I access by a single, easy-to-remember name as if the whole thing consisted of just one server.”
Such as WhatsApp.
In an environment like that, true end-to-end encryption is much harder than it is for circuit-switched calls or browser-to-web-server connections, because messages may have multiple “ends” during their journey through the network.
For all you know, the message may get decrypted and re-encrypted many times as it is received, stored, queued up and delivered onwards until it’s ready to be downloaded by the recipient.
Does message encryption matter?
Does end-to-end encryption of our internet messages matter?
Yes, it does.
Many people think it doesn’t, on the grounds that they think they have nothing to hide.
What they mean by that is that they aren’t doing anything illegal.
If someone were to eavesdrop on their network traffic, or break into a server that had a temporary decrypted copy of a message in transit, or download a database of old communications, they wouldn’t be in trouble with the law.
Therefore they’re willing to risk letting other people know all about them in the hope that this will make it easier to catch out cybercrooks, who ought to be in trouble with the law but who currently seem to be getting away with it rather easily.
The problem is that the people who’d most like to eavesdrop on everything you do are those selfsame cybercrooks, and they aren’t interested in finding out whether you’ve broken the law.
They want to know about anything and everything that do you when you aren’t breaking the law, so that they can illegally get a slice of the bona fide parts of your life, such as receiving your salary and spending it.
As an aside, we actually all have things we need to hide, whether we realise it or not. The irony in today’s surveillance-happy society is that we are compelled to hide some of these things in order to be law-abiding ourselves. Securing customer data is a great example: we need to do that not only because it’s morally wrong not to, but also to comply with laws relating to privacy and data protection. Crudely put, the only way to have nothing left to hide is to hide everything.
That’s why we’re pleased to hear WhatsApp’s news that the latest versions of its app support end-to-end encryption, for calls, photos, videos, file transfers, and voice messages.
WhatsApp has a chequered history when it comes to security and encryption, including cooking up its own cryptographic algorithm that relied on randomly-generated encryption keys that were used only once…
…but then using them twice.
Almost exactly two years ago, we wondered whether Facebook’s acquisition of WhatsApp would lead to better security, both technically and culturally, and it’s looking as though the answers are, “Yes, and Yes.”
What WhatsApp did
We’re not going to try to explain the cryptographic details here (you can read a handy technical summary from WhatsApp itself), but the key aspects, if you will pardon the pun, are:
- The service neither generates nor stores your private encryption keys. This applies whether you’re sending or receiving data.
- The service uses a new public key for each message. These public keys are provided by you to match private keys generated by you.
- The server provides a key fingerprint for every message. You can verify these independently if you wish, a bit like clicking on the padlock in your browser to verify a web security certificate.
The side-effects of these features are, admittedly assuming that there no errors in the cryptographic protocols used or the programs written to implement them, are as follows:
- WhatsApp can’t decrypt your messages in transit, even if it wanted to, or if someone tried to force one of its staff to do so by fair means or foul.
- WhatsApp doesn’t hold any cryptographic secrets of yours that might help a crook attack other services you use.
- Eavesdroppers who record your messages have only one chance to decrypt each message. Decrypting today’s messages doesn’t give away the key to unscramble messages that were collected in the past but haven’t yet been decrypted.
(The last feature above is what’s known as forward secrecy because it means that you can’t crack a message in the future, for example when computers are much faster, and automatically use that crack to unlock years of past traffic in one go: there’s nothing analogous to a “message master key.”)
Anyone who thinks that encryption systems should be fitted with backdoors, so that security and secrecy can be deliberately sidestepped when it’s convenient, will probably be unhappy with what WhatsApp has done here.
But at Sophos, we believe in #nobackdoors, so we’re pleased with WhatsApp, and we think you should be too.
History teaches us that deliberate encryption backdoors end up favouring exactly the people they were supposed to catch out, and putting at risk the vast majority of us who are law-abiding.
And those who cannot remember the past are condemned to repeat it.
byPaul Ducklin from Sophos
Contact Sentree Systems, Corp. for complete Small Business IT Security