End to End Encryption Still Vulnerable to Hack Attacks
Beware WhatsApp and Viber users! The so called end-to-end encryption is vulnerable! On May 05, WhatsApp launched end-to-end encryption for its users, claiming to provide the much needed protection to one on one and group chats, videos, messages, images etc. This was followed by Viber that came up with its own version of end-to-end encryption.
But it seems that not everyone is impressed with this particular feature. The security experts have come to a conclusion that the end-to-encryption is somewhat vulnerable to hack attacks. They hold the point of view that the Signalling System (SS7) on which most of these messaging apps rely heavily to transmit messages, is vulnerable in itself. In fact the encryption mechanism added to apps is really prone to hack attacks.
“Telecommunications signalling for all services like – voice, text, etc., travel across the SS7 network. Chat applications such as WhatsApp, Telegram, and others use SMS verification based on text messages using SS7 signalling to verify identity of users/numbers. The issue is that, as an attacker, access to the SS7 network can easily be purchased, the only negotiation being on the price paid”, says Alex Mathews, technical manager EMEA of Positive Technologies.
He further added that SMS authentication is also an important part of transferring messages through WhatsApp and Viber. This authentication is a part of two factor authentication process that these firms use to protect users’ incoming and outgoing messages.
As the situation stands, users will continue to use these services, but the conversations are unlikely to remain hidden from the prying eyes of hackers and intruders. The researchers on the other hand feel that there is still a huge room for improvement within the encryption systems, and it will take companies more time than expected to make personal messages truly encrypted.