WhatsApp has a secure fix for one of its biggest drawbacks


The ubiquitous end-to-end encrypted messaging service WhatsApp has merged safety and convenience for 2 billion people around the world. But there has always been one big limitation: the service relies entirely on your smartphone. You can use your account on desktops or through the web, but you actually only interact with a mirror of what’s on your phone. If your phone’s battery is dead or you want to use two secondary devices at once, you’re out of luck. But WhatsApp says it has finally found a solution.

Today, WhatsApp is launching a limited beta to begin real-world testing of a multi-device scheme. With the new feature, you will be able to use WhatsApp on your phone and up to four other devices at the same time. The only downside is that these other four must be “non-telephone” devices. Your smartphone will always be the first device on which you configure WhatsApp; you will add the other devices by scanning QR codes from your phone.

Using WhatsApp on multiple devices would not be a problem if your data lived on WhatsApp’s servers. But the company’s end-to-end encryption scheme prevents it from seeing the content of your messages, and they aren’t stored by WhatsApp at all after delivery. This is why mirroring your phone to your desktop, as WhatsApp and many other secure messaging apps always have, is an attractive option. All the security protections extend from your phone, and nothing really happens independently on the other device. It takes complicated cryptographic feats to actually anoint other devices and keep everything in sync.

“As we move into the multi-device era, ensuring the security of WhatsApp remains bulletproof is the team’s primary concern,” says Scott Ryder, WhatsApp Director of Consumer Engineering. “Really, that’s why the project lasted over two years. When internal and external security reviews agreed that we had achieved this goal, it was an exciting time.”

The fundamental idea of end-to-end encrypted communication is that the data is unreadable at all times except to the sender and the recipient. This means, for example, that a message is only decrypted and accessible on the phone you sent it from and the phone of the person you sent it to. Group messaging or calling complicates things a bit, but as long as everyone is using the same device all the time, it’s doable.

You can see how it gets more complicated, however, for a service to keep track of who’s who if everyone suddenly has three devices and wants real-time sync between them. Without full end-to-end encryption, a central server can take a quick peek at the data to determine what needs to go where. But when you’re really trying to keep things locked, you need a special system to make it work.

As Facebook CEO Mark Zuckerberg put it to WABetaInfo at the start of June, “it was a big technical challenge to get all of your messages and content to sync properly across all devices.”

Making it all work involves two main components. The first is that instead of a single identity key for each user (in other words, for the smartphone associated with the account), each device you use for WhatsApp now has its own identity key. WhatsApp’s server keeps a sort of family tree of all device identities on a person’s account; when someone goes to send a message to this account, the server provides the full list of keys so that the message goes to all the correct devices.

WhatsApp says it has carefully added controls on this system to ensure that a bad actor cannot add additional devices to your account and receive your messages. Users can check the list of devices linked to their account to make sure there are no prowlers, and they can also do a “security code” comparison with someone they contact to make sure the two codes match. If something is wrong and a user has an additional unverified device registered to their account, the codes will not match.
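The following added example (not WhatsApp's code or its actual algorithm) sketches why a security code computed over every device identity key on both accounts stops matching when the server's list contains a device the account owner never linked. The SHA-256 fingerprint, the 60-digit rendering, the user and device names, and the byte strings standing in for public keys are all assumptions constructed for illustration.

```python
import hashlib

def device_key(label: str) -> bytes:
    """Constructed stand-in for one device's public identity key."""
    return hashlib.sha256(b"constructed-key:" + label.encode()).digest()

def account_fingerprint(user_id: str, device_keys: list) -> bytes:
    """Hash an account id together with every device identity key on it."""
    uid = user_id.encode()
    h = hashlib.sha256(len(uid).to_bytes(2, "big") + uid)
    for key in sorted(set(device_keys)):  # order of the list must not matter
        h.update(key)
    return h.digest()

def security_code(id_a, keys_a, id_b, keys_b) -> str:
    """60-digit code over both accounts; identical whichever side computes it."""
    fps = sorted([account_fingerprint(id_a, keys_a),
                  account_fingerprint(id_b, keys_b)])
    number = int.from_bytes(hashlib.sha256(fps[0] + fps[1]).digest(), "big")
    digits = str(number % 10**60).zfill(60)
    return " ".join(digits[i:i + 5] for i in range(0, 60, 5))

def compare_codes(server_list_for_bob: list) -> bool:
    """Alice trusts the server's list for Bob; Bob uses the devices he linked."""
    alice = [device_key("alice-phone"), device_key("alice-laptop")]
    bob_own = [device_key("bob-phone"), device_key("bob-desktop")]
    code_on_alice = security_code("alice", alice, "bob", server_list_for_bob)
    code_on_bob = security_code("bob", bob_own, "alice", alice)
    return code_on_alice == code_on_bob

# Constructed device lists as the server might hand them to Alice.
HONEST_LIST = [device_key("bob-desktop"), device_key("bob-phone")]
TAMPERED_LIST = HONEST_LIST + [device_key("unverified-extra-device")]

if __name__ == "__main__":
    print("honest device list, codes match:   ", compare_codes(HONEST_LIST))
    print("extra device injected, codes match:", compare_codes(TAMPERED_LIST))
```

The check only helps if the two people compare the codes over a channel the server does not control, such as in person.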


