Journalist - Concerned with Tech Censorship, Sustainable Food Systems, Space Exploration
In a recent spate of confusing articles on whether or not Cellbrite, a digital intelligence agency out of Israel, cracked Signal's encryption has once again brought the encryption issue behind messaging apps to the public eye.
Even if Cellbrite jumped the gun in publishing their report (which was taken down) the question remains - are we safe?
In 2019, researchers associated with Checkpoint Software Technologies, Oded Vanunu and Roman Zaikin, showed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender during the Red Hat USA conference.
WhatsApp and other messaging apps have long been revealed as less than secure by experts experienced in software vulnerabilities.
Checkpoint became famous by showing vulnerabilities for Telegram, Amazon, Alexa and TikTok.
The question really is - how can we, both common citizens and professionals in the intelligence and the political space, be sure that our data is protected?
Nothing is 100%, but there are companies that appear to be better than others. Both Oded Vanunu and Roman Zaikin took a look at Israeli-Polish startup UseCrypt (acquired by the Lazar Vision Fund in 2019). Usecrypt has been around since 2015 and although has remained small, it has steadily grown amongst high-level adopters. Full Disclosure, I myself use it and find the way it encrypts to be pretty hard to crack.
Vanunu and Zaikin confirmed the same thing.
“Following a deep reverse engineering and investigation, we found out that if the user defines a passcode it is impossible to decrypt the database of UseCrypt,” Vanunu said. This is because the key is not stored anywhere and so it is impossible to decrypt the device.
Signal does not work the same way. It stores the key on the phone and although it is pretty hard to find it given the security of current phones, it is still possible. This is just one of the reasons I switched from Signal to UseCrypt.
So is encryption dead? No. It is, however, evolving and in order for us to stay protected, we have to keep up to date and not rely on big companies and their claims of having encrypted messaging.
Create your free account to unlock your custom reading experience.