CEST = Central European Summer Time
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Encrypted Messaging Apps Vulnerable To Side-Channel Attacks Including WhatsApp, Telegram, and Signal!
WhatsApp, Signal, and Telegram have all been around for a while. Though a lot of instant messaging apps were already available, people have quickly switched to these encrypted messaging apps in an attempt to secure their conversations from snoopers. While things looked good with regards to encryption, a recent study by Cisco Talos has revealed some shocking facts. Allegedly, most of these popular, supposedly secure IM apps are vulnerable to side-channel attacks.
Encrypted Messaging Apps Found Vulnerable To Cyber Attacks Researchers at Cisco Talos have disclosed their findings regarding vulnerabilities in popular encrypted messaging apps. Reportedly, WhatsApp, Telegram, and Signal can be compromised by side-channel attacks. This certainly puts the users’ privacy and security at risk. As elaborated in their blog post, these secure messaging apps claim to ensure encrypted conversations, saving them from third-party breaches. However, what many users didn’t know is that hackers can still find ways to breach their privacy simply via side-channel attacks.
TALOS Blog
Executive summary
Messaging applications have been around since the inception of the internet. But recently, due to the increased awareness around mass surveillance in some countries, more users are installing end-to-end encrypted apps dubbed “secure instant messaging applications.” These apps claim to encrypt users’ messages and keep their content secure from any third parties.
However, after a deep dive into three of these secure messaging apps — Telegram, WhatsApp and Signal — we discovered that these services may not fulfill the promises they are meant to keep by putting users’ confidential information at risk.
This is a serious problem, considering users download these apps in the hopes that their photos and messages will stay completely protected from third parties.
These apps, which have countless users, cannot assume that their users are security educated and understand the risk of enabling certain settings on their device. As such, they have an obligation to explain the risks to users, and when possible, adopt safer defaults in their settings. In this post, we will show how an attacker could compromise these applications by performing side-channel attacks that target the operating system these apps delegated their security to. This post will dive into the methods in which these apps handle users’ data. It will not include deep technical analysis of these companies’ security.
https://blog.talosintelligence.com/2018/12/secureim.html
www.reddit.com/r/conspiracy/comments/4zm640/why_do_so_many_us_politicians_have_dual_usisraeli/?st=jf1r0ugy&sh=17467c91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
“Think about this - The fact that they are NOW publishing the source (signal.org) means they’re done leveraging it for intel. Uh-oh.”
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
“Suicide weekend coming up tomorrow?”
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
“October surprise? 10/5?”
Considering the people endorsing signal, I imagine that there is a back door spy feature and they were snooping just like facebook snoops.