All of us either use or have used a instant messaging app. From the first apps such AIM, IRC and Yahoo messenger, to the modern day, highly secure apps with fantastic levels of encryption, you have you used one of the many apps out there.
These days, so many people use encrypted messaging apps, it has become the trend to do so. But they do not always know what they have at their disposal or even everything that the app can do. Many user’s simple download the app as friends or colleagues may use them and have no idea how much protection they have at their disposal. The flip side of this is how many people download messaging apps that offer next to no protections and leave you data and information at risk. In this article, we will talk about why encrypted messaging apps are something that you need, who and what you need to protect yourself from and the details on how encrypted messaging apps work.
Encrypted messaging apps: Why do we need them?
Many people will think of the messages they send and feel that as they have nothing to hide, then there is no need to protect their information. This is a very bad viewpoint to have. There is a vast amount of information at risk that you have when messaging, or more precisely, when you are messaging with poor, unsecure messaging apps:
- Physical location: The idea of a random stranger appearing at your front door is terrifying and rightly so. You do not want any stalker to be able to simple show up at your address, would you? Without protecting your messages, it can easily be found, either by your metadata or by your messages being intercepted and read.
- Banking information: When it comes to your financial information, especially your bank account, you must keep the information secure. Otherwise, you are simply handing the money over to hackers. Everything from bank account details, credit card information, passwords and any form of communication you have digitally with account managers can be harnessed against you if not protected.
- Identifying numbers: If giving out your social insurance number is something you like to do, then good for you, but we would highly recommend you do not. For the rest of us who like to keep our information private, encrypted messaging is needed to help protect you here. In identity theft, passport numbers, SIN/SSN and driver’s licence numbers are all at risk of being stolen.
- Private information: Think about all the pictures that friends and love ones send you and vice versa. How would you feel if you knew someone was watching and seeing these as well? What you say to your family, that information could all now be in the hands of people who would see harm come to them. Do you still feel like this information does not need to be protected, that you have nothing to hide?
- Word data: Not every single one of us works for NASA, but that does not mean our work data is not important to us or could not be used to hurt us or our companies. Corporate espionage and blackmail are big issues and the last thing you want is for the company you work for to be compromised by your lax security.
You may not feel like you have anything to hide, but there is plenty of information that you message each day that is extremely valuable, both monetary and personally. And you definitely do not want bad people to get hold of any of these. The video below is a video helping you find out the location of where you took each photo on your phone. Seems innocent enough.
But what if you take photos or Livestream from an unencrypted messaging app? Using a man-in-the-middle attack, a hacker could easily intercept and just like that, they know exact location with your live GPS coordinates for that moment. A little scary to say the least.
Encrypted messaging apps help protect your job
Every point listed so far is something that everyone faces and effects all of us. But with some professions, the importance of using an encrypted messaging app is doubly so:
- Journalists : Corrupt authorities and politicians to criminals and frauds, they all do not want journalists to be able to expose them for their illegal activities and wrong-doings. They need the protection to look after their work and themselves.
- Doctors: Medical professionals deal with a lot of sensitive data when it comes to patients and their wellbeing, all which you would prefer is kept private and encrypted. This is even a requirement for messages with HIPAA.
- Lawyers : A lawyer and their client deserve private communications that cannot be seen. This is needed for us to have a fair legal system.
- Mining industry: With working in far, remote locations, poor communications should not compromise the hard work put in.
- Protestors: The sad truth is we do not all live in “free” countries and we do not all enjoy the same liberties and rights we may be used to. For many who protest against corrupt governments, encrypted messaging can help keep them from being harmed via surveillance networks.
- Activists: For those leaving a country to inform others of the levels of corruption being faced, their need for encrypted messaging is high, as much like the above, they are needed to be kept from harm of retaliation via their personal information or messages.
We could keep going, as there are many jobs that require encrypted messaging to remain secure. If you wish to read more, our Use Case series can help. From the points above, you can see that for the private lives of people, as well as their professions and causes, have a great need for encrypted messaging apps. Saying they are unnecessary is a foolish argument. They are a vital aspect to not just governments and authorities, but each and every citizen.
Who is watching in on our messages? Who is spying on us?
In the days of analog, it was nigh on impossible to know what someone was reading, unless you were sitting next to them at the same screen. With digital, it is extremely easy to spy on people and there is a long list of people who would want to have access to your data and messages. On that list, a few could be reading over your shoulder right now, like the following:
- Government: Whilst your local councilor or mayor probably aren’t, federal agencies and police monitor internet chatter, regardless of if you are innocent or not. A clip from the biopic film on Edward Snowden, where he first learns of the NSA’s incredible and terrifying powers as an innocent woman is spied on via a disabled webcam, by an operative claiming her to be tangentially connected to a target.
- ISP: All the data you generate is collected by the very people who provide the internet connection you use and they sell it to advertisers, or anyone who pays essentially. Any assurance given on your data being protected by them is at roughly 0%. Unlike us they do not care about your privacy.
- Apps: Everything from productivity apps to browsers, to messaging apps and even games. Each one monitors what you do and tracks, all so they can better target adverts to you. All this data they collect can easily be stolen by any group who wishes to take it.
- Hackers: When you think hackers, you think of individuals with high end, cutting edge tech with vast knowledge of computers and coding and that simply is not true. The amount of pre-made tools out there is vast and anyone with money can get them. There are even some that are completely free, such as 10 spyware apps for mobile phones that are available on the regular web.
Aside from the latter, the others are all doing their jobs in what they do, to varying levels and degrees of nefariousness. Meanwhile, the latter is seeking to exploit and use them to their own gain. The knowledge of how little it takes someone to spy on people is horrid to think about, but how easy it is for someone to take some of this data is a massive problem. Every week brings a new hack and every day people are the victims each time. Recently, Snapchat has had many issues with this:
Every single person who uses Snapchat to message can easily be compromised. Their encryption standards are extremely low, leaving any sensitive message or image you sent at risk. And this is before we have even mentioned The Snappening, where every single user of the app had all of their data shared and completely compromised thanks to a third-party app. And they are not the only offenders. WhatsApp keeps messages stored unencrypted on their servers, whilst all SMS messages are left entirely unencrypted.
Why and how encrypted message apps work
When trying to understand how encryptions work and the math that goes into them, it can be useful to see an encryption program in action as it converts text to ciphertext. So to do this, we have a little challenge for you. We have a secure message which we then encrypted by using AES 128 bit encryption:
No one could possibly understand what the message says, nor could anyone who attempted to intercept this message if it was sent. Whoever goes to read it needs access to the secret key that would decrypt the information for them.
In reality, you do not give the key to a hacker. But in this case, to show you how encryption works, we are giving you all the secret key so that you can put them into this website and try and decipher the message with the following settings:
- Base 64
- 128 bit
- Secret key: 1234567890123456
No cheating in this, but we have put the answer at the end to see if you got it right. If you cracked the message and got shown the right message, then you yourself have proven that the encryption works, and is protecting the messages. And do not forget to hit “Decrypt to plain text” at the final part!
What to look for when searching for an encrypted messaging apps
The first basic step for an encrypted app is to have end-to-end encryption (E2EE), like with Signal and WhatsApp. There are other factors and issues in the communication chain that also need to be thought about, which far too often are ignored:
- Device security
- Server encryption
- Metadata encryption
- Data tracking and retention
- Phone storage encryption
- Deleting sent messages
A limited amount of messaging apps cover some of these, and sadly even fewer actually tackle them. It can be a lot of work to cover each of these and the additional work required is often something that manufacturers would prefer to skip. Here at SKY ECC, we make sure we take the time to address each one.
Addressing each of these security gaps
Looking for an encrypted messaging app can be tricky, but a good way to know what you are getting is to check it against the standards we have set to make sure it meets the high level needed to keep your message secure. From the previous points, here is ho we have gone about handling them:
- Server encryption: Everything we store within our servers is kept exactly as it was sent from the user and is stored with a 521 bit ECC. We only ever store the data should the message not be able to be immediately delivered and we hold it only for 48 hours before we make sure it is deleted.
- Phone storage encryption: Anything and everything you store on your phone is kept stored under your device’s encryption. We make sure that SKY ECC is kept in a sperate encrypted container, including locks on the app and another separate lock for the vault feature.
- Device security: To stop your phone from being ‘rolled back’ to an old version by a hacker, Kernel rollback protection is in place, preventing the OS from switching to any older versions. On top of this, brute force password protections are in place to stop people trying to repeatedly guess the passwords. If too many failed attempts are made, then the device will delete itself to protect your data.
- Data tracking and retention: For you to be truly secure when using a messaging app, it cannot know anything about you. We make sure we never know about you. We keep no data, SIMs do not have names connected to them and the same with phone numbers. Your SKY ECC ID is randomly generated and, as you have probably guessed, it is not attached to your name.
- Metadata encryption: Your metadata can tell someone far more than you first may realize and most messaging apps completely fail to keep yours protected. Using AES 256 bit encryption, we make sure all of your metadata is encrypted and secure.
- Deleting sent messages: It may be nice to keep a sweet message from your parents, but many messages need to be read then quickly deleted. With SKY ECC, we have two different options for you to use, depending on how quickly you want the message deleted. Every chat that is had will be deleted within a set amount of time after being sent. This is something the user can modify on their own in the settings, the shortest being two hours and the longest being seven days. There is also flash messaging, where you can set a message to expire 30 seconds after being read.
To be truly secure, a messaging app needs all of these features. If it lacks the, then you know that you are not secure when using it.
Start messaging with an encrypted communication app today
These days there is a great variety of apps that provide end-to-end encryption. But if you want security and privacy for your messages, then SKY ECC is the tool to meet that job.
Data can be accessed and stolen. And your data is far too valuable to be exploited by criminals. People who have high-risk jobs can quickly become targets to the sort of people we mentioned above. To all of this, there is a way to stay protected and that is with an app that is far more than just end-to-end encryption.
SECRET MESSAGE SPOILER
Curious to see if you got the right message? Did you get through the encryption right?
Well, Deadpool can give you the correct answer:
Did you get the right answer?