Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Connectivity

How Cops Could Wiretap Encrypted iMessage and WhatsApp Chats

WhatsApp could be the next target in the Department of Justice’s war on encryption, and the service has a weakness that makes wiretapping easy.

Apple’s troubles with the Department of Justice may be about to double. And Facebook may soon also be sucked into the fight with the U.S. government over how much encryption is too much.

Apple is in a legal dispute with the Justice Department over its claim that the system that encrypts data stored on an iPhone unreasonably impedes law enforcement. Yesterday the New York Times reported that the Justice Department also has problems with the encryption built into Facebook’s WhatsApp messaging service. It is designed such that the company cannot decrypt messages and provide them to law enforcement. Apple’s messaging service, iMessage, uses a similar design.

There’s no sign yet that the Justice Department is about to kick off a second legal and public fight against Apple, or take on Facebook. But we do know that a weakness in how iMessage and WhatsApp are designed means that Apple and Facebook could allow law enforcement to listen in on their messaging systems relatively easily, even if they cannot hand over past messages. Cryptographer and Johns Hopkins University professor Matthew Green has written that the answer to the question of whether Apple could backdoor iMessage is “absolutely.”

WhatsApp and iMessage both use a design known as end-to-end encryption. That means that when devices exchange messages, the keys needed to decrypt the chat reside only with the devices involved. This is different from most services, like e-mail, for example, where your messages are only encrypted on the way to and from your service provider, and that company has access to the key needed to decrypt messages.

The problem with iMessage and WhatsApp is that Apple and Facebook want it to be easy for you to start conversations on their platforms. And so they act as a middleman and control the crucial keys used to secure your messages.

If you make a new friend and send her a message on WhatsApp or iMessage, the company behind either service tells your device which keys to use to encrypt the message, and to decrypt the reply. Apple or Facebook could include with the keys they hand out a special extra key that effectively adds the FBI to your conversation. Any messages sent between you and that contact could then be read by investigators, like a wiretap.

The solution to this weakness is well understood and used by messaging services that put more emphasis on security, such as Signal. If you can inspect the key used for chats with a specific contact, then you can confirm with them that you are only using keys associated with each other’s devices.

Adding that feature would (slightly) complicate the design of WhatsApp and iMessage, and the vast majority of people who use the platform probably wouldn’t use it. But the Guardian reported on Monday that Facebook and Apple are both planning to expand their use of encryption in response to the recent public and legal complaints of the Justice Department.

The coming changes mentioned don’t include patching up the gap in the design of WhatsApp and iMessage, but it would be an obvious and easy fix if the two companies want to tighten up against possible ways the government could tap into their systems.

(Read more: The New York Times, The Guardian, “Apple Vows to Fight the Feds in Battle Over Encryption”)

Hear more about security from the experts at the EmTech Digital Conference, March 26-27, 2018 in San Francisco.

Learn more and register

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Online Only.
  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.