The alleged plot to kidnap the governor of Michigan has again raised the question of confidential messaging apps.
As we recently learned, encrypted messages are no guarantee that your private conversations will remain between you and the recipient. On Thursday , the FBI arrested six people on suspicion of plotting to kidnap the governor of Michigan. How did the feds get the information they needed? They read the encrypted messages in the user’s correspondence.
For the sake of completeness, the chats were not accessed using any new technology. The FBI had a confidential informant who participated in group messaging streams, where much of the plot was laid out, according to the report. In this way, the FBI was constantly aware of what was happening, even when the group changed messaging apps.
“Because the [informant] was still part of the group, the FBI retained the ability to consistently track chat conversations," said FBI Special Agent Richard J. Trask II.
The incident highlights the insecurity of encrypted messaging apps such as Signal, Telegram, and WhatsApp. While they all offer some level of privacy when messaging, there are many ways to get access to your messages.
This is good and bad news at the same time. It means that criminals plotting misconduct cannot rely entirely on encrypted messaging services to hide their plans from the police. While law enforcement warns that encryption makes their investigations into dangerous criminals " stealthy ". This case is a prime example of how investigators can continue to read messages sent using encrypted services.
Regular users who want to protect their data from hackers, crackers, and foreign agents need to rethink what encrypted messaging actually gives them. This is not a magic potion that will help protect your personal information completely. Below we will talk about what you definitely need to know about encrypting messages in chats.
How does encrypted messaging work?
Most people have no idea what encrypted messaging apps like Signal, Telegram, and Facebook-owned WhatsApp do. They look and act like regular text messaging tools. You don’t notice it, but the services encrypt your messages as they travel over cellular systems and the Internet to reach the intended recipient’s phone.
This means that no one involved in sending the message, including the encrypted messaging service, can read your messages. Regular SMS messages are sent in clear text and do not have this level of security, so they are vulnerable to interception at several points when sent from your phone to the recipient’s device.
Is the data on my phone also encrypted?
If you’re using an iPhone, the data on your phone is encrypted when the device is locked. On Android phones, users must enable encryption themselves. Device encryption will protect your messages as long as your phone is locked.
Apple considers this form of encryption important for maintaining the privacy of user data. First, it will protect all personal data on your phone if it gets stolen. Second, think about private messages and photos, as well as access to your account, email, and map.
Like message encryption, device encryption has been a sore point for law enforcement. In 2016, the FBI tried to get a court order to force Apple to help it access encrypted messages on an iPhone used by an extremist shooter. After Apple refused, the bureau was able to access the data on the phone using a different technique.
How can someone access my encrypted messages?
As the case in Michigan shows, anyone you send a message to can share it with a wider range of people, whether or not it’s sent encrypted. The same applies to anyone who can unlock the phone, which will disable device encryption. If you don’t lock your device at all, anyone who gets access to your phone can see your messages and photos.
Then there is the hack, which is used by law enforcement, as well as criminals and foreign governments, to steal data from the phone using malware. Once a device is compromised, malware can read messages on it. This works in much the same way as peeking over your shoulder to see what you’re typing. These tools have a complex architecture, are expensive and require the intervention of an experienced specialist.
Another form of malware that can read your private messages is called Stalkerware. This is a phone monitoring software that many people use to spy on their partners or exes. It usually requires access to your phone as well. There are steps you can take to keep yourself safe from Stalkerware.
Finally, let’s talk about data backup. The information in your cloud accounts may not be encrypted, and anyone with the password can access the message backups. Some Stalkerware programs work in this way: with the help of them, a person gets access to a cloud backup of the phone ‘s data. This is a great argument for using a unique, hard-to-guess password to secure your cloud accounts, as well as installing a password manager.