No, you shouldn’t delete Signal or other encrypted apps – TechCrunch

As alarm bells sound around the latest document dump from WikiLeaks, misinformation can spread like wildfire. Journalists are just starting to pore over the files, but a number of security researchers and privacy advocates are hoping to quash the misconception that encrypted chat apps like Signal and WhatsApp have been compromised.

A now corrected tweet by The New York Times seems to have set some of this speculation in motion.

I think a lot of people look at the headlines from this morning and think Oh well, I shouldnt use those apps,' Ross Schulman of the Open Technology Institute explained in a call with TechCrunch. What is actually true is that those apps are really important for people to use, they protect a lot of people.

The main distinction here is that if a device like your smartphone is compromised, say through malware in iOS for example, no amount of encryption can make it safe again.

Theres nothing that the app can do, it has to decrypt the message in order for you to read it, otherwise it would be kind of useless, Schulman explains. And when that happens, thats when malware on the computer or on the handset can kick in and read the plain text just as well as you can.

In spite of the misconceptions, somein security still see the WikiLeaks Vault7 data as awake-up call for those who dont yet take privacy seriously. Signal, WhatsApp and other encrypted messaging services are still functioning exactly as originally intended as the hackers arent breaking that encryption,Ajay Arora, CEO and co-founder of security firmVera, told TechCrunch.

Security is all about a series of layers concentrating on depth and breadth. The encryption of the apps themselves isnt whats in question and people who want to continue to use their favorite apps, should. However they should also consider other measures of security, as there is no one silver bullet to solve all security issues.

According to Joseph Hall, chief technologist for the Center for Democracy & Technology, the WikiLeaks files do not appear to contain any evidence that apps like Signal have been compromised. Its one of these unfortunate collisions of a whole lot of data and a whole lot of interests all at once, Hall told TechCrunch. Theres nothing that seems to indicate that the crypto is broken.

Hall thinks the documents might contain some interesting details that further confirm ongoing concerns around the kind of poorly secured IoT devices we bring into our homes, but the worryover Signal is misguided. They seem to be getting into the devices before the encryption is applied, Hall explains.

If the CIA (or anyone else) gains access to your device, it gains total control. Hall explains how this would work with hypothetical spying malware:

They can install a little thing that can take a picture of your screen every half a second or something like that. And that would be pretty useful for one reading anything that you type into one of these encrypted messaging apps, but also reading anything you readin these encrypted messaging apps. Its not just about your messages but about anyone you communicate with as well.

Ultimately, encrypted apps like Signal remain one of the most robust ways to protect your private communications todays WikiLeaks news didnt change that.

Unfortunately, you have to keep very, very good control over your phone, Hall said. Theres just no perfect answer in terms of being 100% unexploitable by these powerful, powerful governments.

More:
No, you shouldn't delete Signal or other encrypted apps - TechCrunch

Related Posts

Comments are closed.