How secure are your messages really?

messages

Tbtech looks into the recent discovery that not all encrypted messages are as safe as everyone thought, and the methods users can take to maintain privacy.

Tech users want to know that their information is kept private, and this is a large selling point for end-to-end encrypted message services. For many years now, iMessage and WhatsApp have competed to be the best and most well-known in the communications sector, each claiming to be the most secure messaging system available. Both companies have done well to champion cybersecurity trust, but recently, a significant flaw has revealed a crack in this trust. 

The news came via a release by Property of the People, a non-profit organization that explained its motives as being ‘devoted to governmental transparency’ on Twitter. This showed an official FBI training document detailing different messenger services and the ability to gain information on a suspect via legal means through that service.

An image of messages, Security, How secure are your messages really?

iMessage, the exclusive Apple messenger service, was placed at the top of this list as the most easily accessible messaging service for gaining access to private information. On this file, it listed that those who access iMessage can recover message history and contact details. The flaw in the system is the cloud backup system; all the messages are encrypted as promised and secure while being sent; however, once the message history is backed up to the cloud, they are accessible. This is due to the encryption keys being backed up to the same file; not the most brilliant move by Apple.

WhatsApp, the well-known message service owned by Meta Platforms, only allows access to a list of contacts created within the app. Much less information than potentially incriminating messages but still not as secure as people were made to believe.

Of course, all access requires a legal subpoena first; however, if one person has been in contact with someone being investigated (even in passing), all of their messages would be legally included in a subpoena. This is avoidable by simply turning off your automatic backup (shown below). This does mean if you lose your device, your old messages will not be recoverable when syncing a new phone or tablet.

An image of messages, Security, How secure are your messages really?

Apple has not commented on this flaw and it’s not surprising after its year of PR nightmares, including the August announcement that images being sent in this messenger service would be screened by an AI in order to determine if they are sexual in nature, which brought on tremendous backlash.

It is interesting that the news of this FBI document came to light only two months after WhatsApp struck out against Apple for its message security. As mentioned before, it is more reassuring to know that there is no access to message content for WhatsApp users, however the FBI has been quoted saying it can request contact lists and metadata “sent every 15 minutes”. WhatsApp did release an update to fix this error, including a user warning advising them to remove the iCloud back-up during a step-by-step setup process in September.

Presently, Apple’s public image is suffering, not only due to encryption errors but also because of its struggles with the ongoing Malware issue known as Pegasus (created by NSO Group, the Israeli spyware company). This malware reportedly gains access to your phone in an attempt to ‘investigate terrorism’.

When asked about the situation, head of Apple security engineering and architecture, Ivan Krstic stated “Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”

In a rebuttal statement, a spokesperson from NSO commented that “thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers.” This shows NSO sees themselves as providing a service to the community, begging the question, when is full privacy allowed, and when is breaking it acceptable?

Interestingly, the NSO Group was sued for the same malware issue by WhatsApp owners Meta, (formerly Facebook) back in 2019, which means it has taken Apple two years to jump to action on this issue. While filing the lawsuit they did make a statement that “to prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.”

Read More:

Google has been on the move to surpass Apple and make Android the new secure go-to device that Apple has always been known for. Google’s new global RCS—Rich Communication Services release is much stricter than iMessage’s previous end-to-end encryption as it does not allow any group chats or use of multiple devices. The only thing allowed (to ensure security) is 1:1 messages between two people. Apple has considered joining this system and becoming a cross-platform messenger previously, allowing an Android phone to use Apple-exclusive apps. However, just like then it has now again refused to join, clearly due to its resistance to break away from the closed ecosystem Apple is known for. Google have since taunted Apple and the feud over who is the most secure continues.

The issue at the end of this is that users can not feel comfortable on any messaging service as new reports constantly come in of security breaches (mostly propaganda based it seems). The companies behind the messaging services refuse to work together to solve this problem and it is the users that suffer in the long run.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of messages, Security, How secure are your messages really?

Erin Laurenson

Multimedia Content Producer for TBTech

DUBLIN TECH SUMMIT 2022 IS BACK AT THE RDS IN...

TBT Newsroom • 27th May 2022

After a long period of restrictions and countless cancelled events all over the world, we are extremely excited to announce that Dublin Tech Summit (DTS) LIVE is back on 15-16 June 2022, at Dublin’s most famous venue, the RDS, in accordance with all governmental COVID safety guidelines. Our event will bring together over 8,000 professionals...

Is your business ready for Headless Commerce?

Sam van Hees • 26th May 2022

Sam Van Hees, co-founder & CMO of Instant Commerce, a frontend as a service solution which enables any eCommerce brand to build a high-end headless storefront, explores the top seven signs your ecommerce business is ready to make the switch to headless commerce.

Fibre – Is Your Business Being Hoodwinked?

Dom Norton • 25th May 2022

By researching and understanding all of the options, away from the smoke and mirrors marketing tactics, business owners can make a more informed choice around their connectivity and ultimately get what they are actually paying for.

Rivery Raises $30M B Round

Rivery Dataversity • 24th May 2022

Rivery, the SaaS ELT today announced a new funding round of venture capital led by Tiger Global alongside existing investors State Of Mind Ventures and Entrée Capital.