How secure are your messages really?

messages

Tbtech looks into the recent discovery that not all encrypted messages are as safe as everyone thought, and the methods users can take to maintain privacy.

Tech users want to know that their information is kept private, and this is a large selling point for end-to-end encrypted message services. For many years now, iMessage and WhatsApp have competed to be the best and most well-known in the communications sector, each claiming to be the most secure messaging system available. Both companies have done well to champion cybersecurity trust, but recently, a significant flaw has revealed a crack in this trust. 

The news came via a release by Property of the People, a non-profit organization that explained its motives as being ‘devoted to governmental transparency’ on Twitter. This showed an official FBI training document detailing different messenger services and the ability to gain information on a suspect via legal means through that service.

iMessage, the exclusive Apple messenger service, was placed at the top of this list as the most easily accessible messaging service for gaining access to private information. On this file, it listed that those who access iMessage can recover message history and contact details. The flaw in the system is the cloud backup system; all the messages are encrypted as promised and secure while being sent; however, once the message history is backed up to the cloud, they are accessible. This is due to the encryption keys being backed up to the same file; not the most brilliant move by Apple.

WhatsApp, the well-known message service owned by Meta Platforms, only allows access to a list of contacts created within the app. Much less information than potentially incriminating messages but still not as secure as people were made to believe.

Of course, all access requires a legal subpoena first; however, if one person has been in contact with someone being investigated (even in passing), all of their messages would be legally included in a subpoena. This is avoidable by simply turning off your automatic backup (shown below). This does mean if you lose your device, your old messages will not be recoverable when syncing a new phone or tablet.

Apple has not commented on this flaw and it’s not surprising after its year of PR nightmares, including the August announcement that images being sent in this messenger service would be screened by an AI in order to determine if they are sexual in nature, which brought on tremendous backlash.

It is interesting that the news of this FBI document came to light only two months after WhatsApp struck out against Apple for its message security. As mentioned before, it is more reassuring to know that there is no access to message content for WhatsApp users, however the FBI has been quoted saying it can request contact lists and metadata “sent every 15 minutes”. WhatsApp did release an update to fix this error, including a user warning advising them to remove the iCloud back-up during a step-by-step setup process in September.

Presently, Apple’s public image is suffering, not only due to encryption errors but also because of its struggles with the ongoing Malware issue known as Pegasus (created by NSO Group, the Israeli spyware company). This malware reportedly gains access to your phone in an attempt to ‘investigate terrorism’.

When asked about the situation, head of Apple security engineering and architecture, Ivan Krstic stated “Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”

In a rebuttal statement, a spokesperson from NSO commented that “thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers.” This shows NSO sees themselves as providing a service to the community, begging the question, when is full privacy allowed, and when is breaking it acceptable?

Interestingly, the NSO Group was sued for the same malware issue by WhatsApp owners Meta, (formerly Facebook) back in 2019, which means it has taken Apple two years to jump to action on this issue. While filing the lawsuit they did make a statement that “to prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.”

Read More:

Google has been on the move to surpass Apple and make Android the new secure go-to device that Apple has always been known for. Google’s new global RCS—Rich Communication Services release is much stricter than iMessage’s previous end-to-end encryption as it does not allow any group chats or use of multiple devices. The only thing allowed (to ensure security) is 1:1 messages between two people. Apple has considered joining this system and becoming a cross-platform messenger previously, allowing an Android phone to use Apple-exclusive apps. However, just like then it has now again refused to join, clearly due to its resistance to break away from the closed ecosystem Apple is known for. Google have since taunted Apple and the feud over who is the most secure continues.

The issue at the end of this is that users can not feel comfortable on any messaging service as new reports constantly come in of security breaches (mostly propaganda based it seems). The companies behind the messaging services refuse to work together to solve this problem and it is the users that suffer in the long run.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Erin Laurenson

Multimedia Content Producer for TBTech

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...