{"id":11785,"date":"2016-04-06T11:01:56","date_gmt":"2016-04-06T15:01:56","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=11785"},"modified":"2017-09-24T17:19:48","modified_gmt":"2017-09-24T15:19:48","slug":"whatsapp-encryption","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/whatsapp-encryption\/11785\/","title":{"rendered":"WhatsApp switches to secure end-to-end encryption"},"content":{"rendered":"<p>WhatsApp is one of the most popular instant messaging services in the world. The service has more than a <a href=\"https:\/\/blog.whatsapp.com\/616\/one-billion\" target=\"_blank\" rel=\"noopener nofollow\">billion users<\/a>.<\/p>\n<p>Perhaps the biggest reason for the app\u2019s popularity is its convenience. You can use it to send text, video and photos unlimitedly for free. WhatsApp also allows you to make worldwide calls absolutely for free (data fees aside). Until now the only issue that concerned a segment of users was privacy, as the service had serious problems with security.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2016\/04\/06022517\/whatsapp-encryption-FB.jpg\" rel=\"attachment wp-att-11786\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2016\/04\/06022517\/whatsapp-encryption-FB.jpg\" alt=\"WhatsApp switches to secure end-to-end encryption\" width=\"1280\" height=\"1280\" class=\"aligncenter size-full wp-image-11786\"><\/a><\/p>\n<p>On April, 5 WhatsApp <a href=\"https:\/\/blog.whatsapp.com\/10000618\/end-to-end-encryption\" target=\"_blank\" rel=\"noopener nofollow\">announced<\/a> that it had finally implemented the end-to-end encryption across the platform. This step will probably make the messenger even more popular and bring a lot of troubles to spies of all stripes (including security agencies): over a billion users\u2019 privacy is now strongly fortified.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Are your secrets safe on your messenger apps? <a href=\"https:\/\/t.co\/Ijic1e3hHI\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Ijic1e3hHI<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/privacy?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#privacy<\/a> <a href=\"https:\/\/t.co\/OcVY8UTryD\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/OcVY8UTryD<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/667728555258847234?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 20, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Let\u2019s clarify, what has changed in WhatsApp and how it will impact you and me.<\/p>\n<h3>All the colors of encryption<\/h3>\n<p>WhatsApp for Android implemented some kind of encryption a long time ago. The messenger relied on common SSL and TLS protocol that are used, for example, in emails.<\/p>\n<p>But there is encryption, and then there is the way it\u2019s implemented. The old version was implemented poorly: it had <a href=\"https:\/\/www.praetorian.com\/blog\/whats-up-with-whatsapps-security-facebook-ssl-vulnerabilities\" target=\"_blank\" rel=\"noopener nofollow\">some flaws<\/a> that allowed hackers to steal and decrypt users communications. Besides, a part of data was not encrypted at all.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">11 Unsecure Mobile and Internet Messaging Apps <a href=\"https:\/\/t.co\/ijXhbsZEp3\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/ijXhbsZEp3<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> <a href=\"http:\/\/t.co\/0BEAH3cFAV\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/0BEAH3cFAV<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/535772296154476544?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 21, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>When EFF made a list of the most and the least secured messengers, WhatsApp received two stars from a maximum of seven. As a result, we had to add this app to our <a href=\"https:\/\/www.kaspersky.co.za\/blog\/11_unsecure_messengers\/6806\/\" target=\"_blank\" rel=\"noopener\">\u201cblack list\u201d of insecure messengers<\/a>, but we also noted that with time WhatsApp would sever itself from the D-team. By that time WhatsApp has already <a href=\"https:\/\/whispersystems.org\/blog\/whatsapp\/\" target=\"_blank\" rel=\"noopener nofollow\">announced<\/a> that Open Whisper Systems would provide its Signal Protocol encryption to make the messenger secure.<\/p>\n<p>Open Whisper Systems is a non-commercial organization, the developer of Signal, one of the most protected instant messaging services \u2014 according to aforementioned EFF. It also created RedPhone, the secure software for VoiP communication. These solutions received 7 stars from EFF \u2014 the highest score possible. Despite great reliability, they are used by only a few. WhatsApp is a great deal more popular than all of them together.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">9 Most Secure and Private Internet and Mobile Messaging Services <a href=\"https:\/\/t.co\/30xBpa0kSb\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/30xBpa0kSb<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/mobileprivacy?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#mobileprivacy<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/533299586245611523?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 14, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Now that WhatsApp uses Signal Protocol, the app has almost reached the same level of security as the abovementioned solutions: since the announcement on encryption, the EFF <a href=\"https:\/\/www.eff.org\/secure-messaging-scorecard\" target=\"_blank\" rel=\"noopener nofollow\">has changed their rating of WhatsApp to 6 stars<\/a> out of 7. In comparison to the previous 2 stars it\u2019s a huge step ahead. So, what has changed?<\/p>\n<h3>What\u2019s the fuss about new WhatsApp encryption?<\/h3>\n<p>On November 2014 WhatsApp could encrypt messages (poorly) and was audited by an independent organization in less than a year before. This brought the app two stars. On April, 5 WhatsApp went up the rating and got 4 additional stars in one day.<\/p>\n<p>The first star the messenger received for the fact that now even WhatsApp employees cannot decrypt and read users messages. Let us remind you that Apple vs FBI quarrel broke out for almost the same reason: because the company <a href=\"https:\/\/www.kaspersky.co.za\/blog\/apple-versus-fbi\/11381\/\" target=\"_blank\" rel=\"noopener\">claimed<\/a> that it cannot hack its own smartphone even despite the request of security services.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Signal Encrypted Messaging Comes to Desktop: <a href=\"https:\/\/t.co\/np1NsNbVZJ\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/np1NsNbVZJ<\/a> via <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@threatpost<\/a> <a href=\"https:\/\/t.co\/EfzgZh43ox\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/EfzgZh43ox<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/672502633232470017?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 3, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>WhatsApp received another star for proper identity verification mechanism: when the chat begins, users can ensure that they are speaking with the person they expect to connect, and check the integrity of the channel.<\/p>\n<p>The messenger was awarded the fifth star as it always changes encryption keys. So if anybody steals the key, the culprit would be able to decrypt only a part of the conversation, while the previous conversations would be unavailable.<\/p>\n<p>And finally, the sixth star was given because Signal Protocol implementation in WhatsApp is well-documented. This measure lets the audience, including professional cryptographers, review the crypto-design and ensure that encryption keys are generated, stored and sent securely.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Poll?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Poll<\/a> Your thoughts on the end-to-end <a href=\"https:\/\/twitter.com\/hashtag\/encryption?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#encryption<\/a> from <a href=\"https:\/\/twitter.com\/WhatsApp?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@whatsapp<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/717722676119228416?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 6, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The last, seventh star was not given to WhatsApp as the messenger does not open its source code. When developers open their code, Internet users can unite their efforts to find new vulnerabilities and make the solution more secure. Facebook, the owner of WhatsApp, seems to be willing to work on this on their own.<\/p>\n<p>However, 6 stars is the highest score for the majority of popular messengers. For example, Skype and Yahoo Messenger still have only one star. The main WhatsApp\u2019s rival \u2014 Viber \u2014 has two stars. Among popular solutions only Telegram\u2019s secret chats can compete with WhatsApp in terms of security, as they have 7 of 7 possible stars.<\/p>\n<h3>Conclusion<\/h3>\n<p>The latest WhatsApp version encrypts all data: text, pictures, video and voice calls for any amount of people in chat or on the call. Encryption works on all platforms, starting from Nokia S40 and Symbian to iOS, Android, Blackberry 10 and Windows Phone.<\/p>\n<p>WhatsApp creators Jan Koum and Brian Acton are sure that many people will highly appreciate this change for the better. More than a billion of people are now able to speak securely and share thoughts on any topic privately. This is a huge step towards privacy on the Internet \u2014 quite the opposite trend to what <a href=\"https:\/\/www.kaspersky.co.za\/blog\/privacy-new-baroque\/11680\/\" target=\"_blank\" rel=\"noopener\">we recently observe in the world<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Let's talk a bit about <a href=\"https:\/\/twitter.com\/hashtag\/privacy?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#privacy<\/a> on the Internet, please join in <a href=\"https:\/\/t.co\/DeEiFrHgxd\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/DeEiFrHgxd<\/a> <a href=\"https:\/\/t.co\/CgIkPafnek\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/CgIkPafnek<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/714464840689975296?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 28, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>WhatsApp has just adopted the end-to-end encryption based on Signal Protocol. Kaspersky Daily explains, why it\u2019s the good news and what are the real benefits for all of us.<br \/>\nCategories: Featured, News, Security<\/p>\n","protected":false},"author":696,"featured_media":11787,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1533,261,1134,607,43,1534,1532,546],"class_list":{"0":"post-11785","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-chat-app","9":"tag-encryption","10":"tag-internet","11":"tag-messengers","12":"tag-privacy","13":"tag-secure-chat","14":"tag-signal","15":"tag-whatsapp"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/whatsapp-encryption\/11785\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/whatsapp-encryption\/5408\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/whatsapp-encryption\/3793\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/whatsapp-encryption\/6991\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/whatsapp-encryption\/6940\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/whatsapp-encryption\/8075\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/whatsapp-encryption\/7904\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/whatsapp-encryption\/11533\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/whatsapp-encryption\/1988\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/whatsapp-encryption\/11785\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/whatsapp-encryption\/5512\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/whatsapp-encryption\/6153\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/whatsapp-encryption\/7341\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/whatsapp-encryption\/10943\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/whatsapp-encryption\/11533\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/whatsapp-encryption\/11785\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/chat-app\/","name":"Chat app"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/11785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=11785"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/11785\/revisions"}],"predecessor-version":[{"id":18534,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/11785\/revisions\/18534"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/11787"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=11785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=11785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=11785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}