Last week, a report by Mathy Vanhoef of imec-DistriNet revealed a vulnerability in the WPA2 protocol used by virtually all Wi-Fi networks worldwide. The flaw allows hackers to perform a man-in-the-middle (MitM) attack and decrypt and read all Internet traffic going through the network. However, Secure Phone users should rest assured that their security is not compromised.
How do you make sure you are not a target of a man-in-the-middle (MitM) attack when using an instant messaging app? Encryption can secure the content of a conversation from eavesdroppers, but what if someone has hacked the account of the person you want to talk to and is impersonating them? The off-the-record (OTR) encryption protocol used by Secure Chat solves this problem by providing mutual identification through the Socialist Millionaire Protocol.
It has been a busy weekend for those concerned with online privacy. Last Friday, the Guardian reported about research that claims to have detected a security loophole in the way WhatsApp employs its end-to-end encryption protocol, Signal. A day later, the protocol’s developers, Open Whisper Systems, responded that what the research claims is a vulnerability, is actually a feature – and definitely not a backdoor. But is one of the most popular end-to-end encrypted instant messengers really backdoored?
Mobile devices are no longer the future – they are the reigning kings of the present. October 2016 marked the tipping point, at which mobile devices accounted for a bigger share of Internet usage than desktop computers. Close to 2 billion people use mobile devices to access the Internet. Google has already reported mobile searches surpassing desktop ones by some 10 percentage points – and that its search algorithm will start favoring mobile sites. Not to mention that marketing and ad spending is already shifted towards mobile. But what does this brave new world mean for mobile security?
Your phone knows an awful lot about you. Your location, your bank account, the names of all your contacts, the passwords to all your accounts… You name it. And different apps on it have access, and permissions, to transmit this data to God knows who. You may trust the manufacturer of your phone has put only software on it that respects your privacy. But what about third-party apps that have the same permissions? And what if you have no idea how these apps got on your phone?
In an age when people do more and more things on their smartphones, getting to a free Wi-Fi hotspot feels like finding an oasis in the middle of the desert. Who wouldn’t prefer to hop on a free network and browse the hell of the Internet without having to worry about a data limit? Well, just like anything else that’s free, wi-fi comes with a fine print. And its reads “data leaks.”
Nowadays, IMSI-catchers are pretty much vanilla surveillance. Such devices have been used by law enforcement and not-so-lawful adversaries alike to seize phone data for over a decade. Now, researchers have demonstrated how the same can be done over Wi-Fi. And it is also relatively easy.