WhatsApp Encryption A Good Start, But Far From a Security Cure-all

[RV_]

Apple has it right with their fully encrypted new iPhone. But the rest of us can also encrypt our phones with third party programs. Here is a follow on article about securing the rest of your phone and devices to make security real.

 

Excerpt:

 

"“A lot of people might think after what WhatsApp announced Tuesday, ‘Oh my goodness everything is so secure and nobody can read my messages anymore.’ That’s not exactly 100 percent accurate,” said Cris Thomas, strategist at Tenable Network Security.

 

Thomas points out that there are several key aspects of secure communications that are missing when it comes to WhatsApp’s new end-to-end encryption plan. First, while WhatsApp messages are secure in transit, most of the endpoint devices – such as the smartphones, tablets and computers – do not encrypt the data residing on them in the same way Apple does with its most recent iPhone.

 

“Imagine you are transporting a $1 million in an armored truck between two guys living under a bridge,” Thomas said. “The transportation model is safe, but the endpoints are not.”

 

Another area of concern for said Jeremy Gillula, staff technologist with the Electronic Frontier Foundation, has less to do with the contents of messages and more to do with the metadata that is unprotected between WhatsApp users.

 

“Subpoena after subpoena has shown that it’s not the data that law enforcement is after. As our own government has expressed, it is more interested in metadata than actual content,” Gillula said. That metadata can often reveal more than the messaging itself, he said. Metadata includes who was communicating, when they communicated, for how long and the size of any digital content swapped between the two parties."

 

https://threatpost.com/whatsapp-encryption-a-good-start-but-far-from-a-security-cure-all/117230/