How do hackers intercept messages?

How to protect chats and phone calls from surveillance

Calling, chatting, sending SMS: the basic functions of a smartphone are extremely insecure from a security perspective. Phone calls can be eavesdropped very easily, SMS can be intercepted without much effort. Also many popular apps are unsafe, for example because they save chats unencrypted. These can then be hacked or requested by investigators via a court order. In times when Austria is facing a massive surveillance package, foreign secret services are monitoring Internet communications on a large scale and criminal hackers are also lurking for user data, citizens should take basic steps to digitally defend their data.

Whatsapp encrypts data

Fortunately, in 2017 you (mostly) no longer have to bother with email encryption or get obscure, hard-to-use apps to communicate securely. Because the most popular messenger in the world - Whatsapp - offers quite protection. Messenger, which is part of Facebook, encrypts messages and calls. If hackers or secret services intercept this data in transit, all they see is a meaningless sequence of numbers and letters. However, there are several catches: Whatsapp belongs to Facebook, a company that makes profits with data. Although Facebook cannot read WhatsApp messages, it does know who spoke to whom and when. The same will apply in the future to Skype, which belongs to Microsoft and is also to be encrypted end-to-end.

Disable backups

In any case, it is important when using Whatsapp that Disable backup. The messenger regularly saves chat histories in the cloud so that users can also see old chats on a new cell phone. However, these backups are a backdoor for surveillance. You should not forget to ask your conversation partner to deactivate the backup as well, otherwise the contents of the conversation can be called up via his backup.

Signal offers protection

But it is smarter to use the app signal (iOS, Android, desktop) that is easy to use and offers great protection from surveillance. Anyone who knows WhatsApp can also use the signal. The advantages over most applications are great: With Signal, users can chat in pairs or in a group Telephone and video calls are possible. As with Whatsapp, these are encrypted in such a way that only the users involved have access to them - Whatsapp and Signal actually use the same encryption protocol.

Subtleties

However, Signal offers significantly more data protection subtleties than Whatsapp: The app allows you to use a automatic deletion interval for content. That could be about five seconds or a week. If the user's smartphone is ever searched (using a federal Trojan or confiscation), old chat logs will at least disappear with it. Another tip that also applies to other apps: That Turn off notifications on the lock screen. Otherwise anyone who has a smartphone in view can see the latest received messages.

Check security number

If you really run the risk of being monitored, you should use both Signal and Whatsapp Check the security number of his contacts. To do this, click on the name of the contact in the chat, then on "Check security number". You will now see a chain of digits. The conversation partner must have exactly the same security number. Otherwise it is probably a hacker who snuck between the two interlocutors. The check can be carried out, for example, by telephone or video chat. QR codes can also be scanned during an offline meeting. With Whatsapp, the security notifications must be activated separately, this happens under Settings - Account - Security. Then users see when the security number of their contact changes.

Lack of dissemination

The biggest problem with Signal is the lack of circulation of the app. Many people use Facebook Messenger, Snapchat, Whatsapp or, if they are concerned about their privacy, Telegram and Threema There is little to complain about against the latter app, but it does require a fee. In addition, unlike Signal, their source code is not freely accessible, so it cannot be checked by external security researchers.

Telegram is considered unsafe

Telegram has earned a reputation for being a safe application, but that has not been proven. In fact, chats are at Telegram unencrypted as standard or secured in a specially developed encryption protocol. Security experts describe the fact that Telegram uses its own protocol as "strange". Experts advised to stop using the app "immediately". There have also been reports of successful monitoring of Telegram messages over the past few months.

Activists instead of corporations

Signal is not only more secure, the app is also backed by internet activists with Open Whisper Systems. The development of the applications was supported, among other things, with grants from the Freedom of the Press Foundation. The Open Technology Fund, which is financed by the US government, also contributed funds. However, there is no indication that the US government has any control over Open Whisper Systems as a result. The app has also been recommended several times by NSA whistleblower Edward Snowden.

Encrypt as much as possible

In principle, the following applies: the more messages that are encrypted - for example via a signal - the more difficult it becomes for investigators. Those who only use encryption for sensitive content could target these messages. It is therefore best to do it yourself Encrypt mundane things like shopping lists. In this respect, it is worthwhile to advertise the use of the signal among friends and family members - perhaps family celebrations during the holidays would be a good occasion for this. (Fabian Schmid, January 18, 2017)