Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Connectivity

How Cops Could Wiretap Encrypted iMessage and WhatsApp Chats

WhatsApp could be the next target in the Department of Justice’s war on encryption, and the service has a weakness that makes wiretapping easy.

Apple’s troubles with the Department of Justice may be about to double. And Facebook may soon also be sucked into the fight with the U.S. government over how much encryption is too much.

Apple is in a legal dispute with the Justice Department over its claim that the system that encrypts data stored on an iPhone unreasonably impedes law enforcement. Yesterday the New York Times reported that the Justice Department also has problems with the encryption built into Facebook’s WhatsApp messaging service. It is designed such that the company cannot decrypt messages and provide them to law enforcement. Apple’s messaging service, iMessage, uses a similar design.

There’s no sign yet that the Justice Department is about to kick off a second legal and public fight against Apple, or take on Facebook. But we do know that a weakness in how iMessage and WhatsApp are designed means that Apple and Facebook could allow law enforcement to listen in on their messaging systems relatively easily, even if they cannot hand over past messages. Cryptographer and Johns Hopkins University professor Matthew Green has written that the answer to the question of whether Apple could backdoor iMessage is “absolutely.”

WhatsApp and iMessage both use a design known as end-to-end encryption. That means that when devices exchange messages, the keys needed to decrypt the chat reside only with the devices involved. This is different from most services, like e-mail, for example, where your messages are only encrypted on the way to and from your service provider, and that company has access to the key needed to decrypt messages.

The problem with iMessage and WhatsApp is that Apple and Facebook want it to be easy for you to start conversations on their platforms. And so they act as a middleman and control the crucial keys used to secure your messages.

If you make a new friend and send her a message on WhatsApp or iMessage, the company behind either service tells your device which keys to use to encrypt the message, and to decrypt the reply. Apple or Facebook could include with the keys they hand out a special extra key that effectively adds the FBI to your conversation. Any messages sent between you and that contact could then be read by investigators, like a wiretap.

The solution to this weakness is well understood and used by messaging services that put more emphasis on security, such as Signal. If you can inspect the key used for chats with a specific contact, then you can confirm with them that you are only using keys associated with each other’s devices.

Adding that feature would (slightly) complicate the design of WhatsApp and iMessage, and the vast majority of people who use the platform probably wouldn’t use it. But the Guardian reported on Monday that Facebook and Apple are both planning to expand their use of encryption in response to the recent public and legal complaints of the Justice Department.

The coming changes mentioned don’t include patching up the gap in the design of WhatsApp and iMessage, but it would be an obvious and easy fix if the two companies want to tighten up against possible ways the government could tap into their systems.

(Read more: The New York Times, The Guardian, “Apple Vows to Fight the Feds in Battle Over Encryption”)

Hear more about security from the experts at the Business of Blockchain on April 23, 2018 in Cambridge.

Learn more and register
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.