WhatsApp has a secure solution to one of its biggest drawbacks



Ubiquitous end to end encrypted message service WhatsApp merger safety and convenience for 2 billion people around the world. But there has always been a big limitation: the service relies entirely on your smartphone. You can use your account on your desktop or online, but you are actually only communicating with the mirror of what is on your phone. If his battery runs out or you want to use two secondary devices at once, you’re out of luck. But WhatsApp says it has finally found a solution.

Today is WhatsApp launch limited beta to run actual testing on a multi-device scheme. With the new feature, you will be able to use WhatsApp on your phone and up to four other devices at the same time. The only caveat is that the other four must be devices other than “phones.” Your smartphone will still be the first device on which you set up WhatsApp; you will add other devices by scanning QR codes from your phone.

Using WhatsApp on different devices would not be a problem if your data lived on WhatsApp servers. However, the company’s encryption scheme prevents it from ever seeing the content of your messages, and WhatsApp doesn’t store them at all after delivery. This is why mirroring your phone to your desktop, such as WhatsApp and many other secure messaging apps in the past, is an appealing, appealing option. All security protections extend from your phone and nothing actually happens on the other device. Complex cryptographic skirmishes are needed to actually anoint other devices and keep everything in sync.

“As we enter the multi-device era, the team’s biggest concern is to ensure that WhatsApp security will remain impenetrable,” says Scott Ryder, director of WhatsApp Consumer Engineering. “It really is the core of why the project took more than two years. When both internal and external security checks agreed that we had achieved that goal – it was an exciting moment. “

The basic idea of ​​end-to-end encrypted communication is that data is unreadable at all times, except to the sender and receiver. This means, for example, that the message is decrypted and accessed only on the phone from which you sent it and the phone of the person to whom you sent it. Group messages or calls make this a little more complicated, but as long as everyone is constantly using the same device, it’s doable.

However, you can see how complicated it is for the service to track who is who if they all have three devices at once and want real-time synchronization between them. Without full end-to-end encryption, the central server can peek into the data a bit to figure out what to go where. But when you’re really trying to keep things locked up, you need a special system to make it work.

As Facebook CEO Mark Zuckerberg Put it on to WABetaInfo in early June, “It’s a big technical challenge to get all your messages and content in sync properly on all devices.”

All of this work involves two main components. One is that instead of having one identity key for each user – in other words, a smartphone connected to an account – every device you use for WhatsApp now has its own identity key. WhatsApp’s server stores a kind of family tree of all device identities in the user’s account; when someone wants to send a message to that account, the server provides a whole list of keys so that the message goes to all the right devices.

WhatsApp says it has carefully added checks to this system to make sure the bad actor can’t add additional devices to your account and receive your messages. Users can check the list of devices associated with their account to make sure there is no lurking, and they can also compare the “security code” with someone they are communicating with to ensure the two codes match. If something goes wrong and one user has an additional, unverified device registered to their account, the codes will not match.


Source link


Please enter your comment!
Please enter your name here