Security Market Segment LS
Wednesday, 15 May 2019 08:18

Bloomberg roasted for terming WhatsApp end-to-end encryption 'a gimmick' Featured

By
Bloomberg roasted for terming WhatsApp end-to-end encryption 'a gimmick' Image by Alfredo Rivera from Pixabay

A number of well-respected security professionals have slammed the news agency Bloomberg for an op-ed it ran on Tuesday, claiming that WhatsApp's end-to-end encryption was a gimmick, after reports emerged that the app could be exploited by mobile spyware by merely calling the phone of a would-be victim.

Author Leonid Bershidsky wrote that the finding that hackers could snoop on WhatsApp "should alert users of supposedly secure messaging apps to an uncomfortable truth: 'End-to-end encryption' sounds nice – but if anyone can get into your phone’s operating system, they will be able to read your messages without having to decrypt them".

He added: "End-to-end encryption' is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security."

His arguments were panned widely. Former NSA hacker Jake Williams told iTWire: "Bloomberg's contributor arguing that end-to-end encryption is ineffective overall is a bad take. Just because one vulnerability was found in an application doesn't say anything about the security of the encryption.

"They are completely different threat models. End-to-end encryption protects against eavesdropping in transit, but the vulnerability discovered targeted a code execution vulnerability in the app itself."

The Financial Times reported that the spyware that could exploit WhatsApp in this manner was made by the NSO Group, a Israeli firm. The company has been in the news a number of times for supplying its software to governments for spying on activists and journalists among others.

Williams, who runs his own security firm, Rendition Infosec, added: "These are completely different areas of application security. It's like saying that you police officers shouldn't wear bulletproof vests because a criminal could still hit them in the legs with a baseball bat."

Matt Blaze, a professor of Computer and Information Science at the University of Pennsylvania and a researcher in the areas of secure systems, cryptography, and trust management, said in a sarcastic tweet: "End-to-end encryption does nothing to protect against attacks on your endpoint, true. And seatbelts and airbags do nothing to prevent your car from being hit by a meteorite."

Well-known cryptography researcher Kenn White was even more severe. "Wow, Bloomberg business weighing in with the actively dangerous hot take on WhatsApp. Spoiler: No, end-to-end encryption is not 'pointless' you fetid baboons," he tweeted.

Bloomberg has earned the ire of many in the tech community over the last year or so. In October last year, the news agency claimed that China had infiltrated the technology supply chain by implanting a small chip on the server mainboards used by a company in the US, Supermicro Computer. To date, there has been no evidence produced to back up these claims.

Soon after that, Bloomberg ran a story that claimed a "major US telecommunications company" that allegedly encountered doctored hardware made by the US company Supermicro Computer. Again, there was no evidence to back up this story.

And more recently, Bloomberg reported this month that Vodafone had found what it called "hidden backdoors" in software that "could have given [Chinese telecommunications equipment vendor] Huawei unauthorised access to the carrier’s (Vodafone's) fixed-line network in Italy".

Vodafone denied the claim, telling iTWire that the so-called backdoor that Bloomberg referred to was telnet, a protocol used for communication using a virtual terminal connection, adding that it was not exposed to the Internet.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments