WhatsApp has made a security fix to one of its biggest shortcomings


End-to-end everywhere Encrypted Message Service Wechat Fusion Provide safety and convenience for 2 billion people all around the world. But there is always a big limitation: the service is completely dependent on your smartphone. You can use your account on your desktop or over the web, but you are actually only interacting with the mirror on your phone. If its battery is dead, or if you want to use two auxiliary devices at the same time, then you are out of luck. But WhatsApp said it finally found a solution.

Today, WhatsApp launched a limited beta version to begin actual testing of the multi-device solution. With this new feature, you will be able to use WhatsApp on your phone and up to four other devices at the same time. The only thing to note is that the other four must be “non-phone” devices. Your smartphone will still be your first device to set up WhatsApp; you will add other devices by scanning the QR code from your phone.

If your data exists on WhatsApp’s servers, there will be no problems using WhatsApp across devices. But the company’s end-to-end encryption scheme makes it impossible to see the content of your messages, and they are not stored by WhatsApp at all after they are sent. This is why mirroring your phone to your desktop, as WhatsApp and many other secure messaging applications have traditionally done, is an attractive option. All security protection comes from your mobile phone, and no independent things actually happen on other devices. Complex cryptography is required to actually smear other devices and keep everything in sync.

Scott Ryder, Director of Consumer Engineering at WhatsApp, said: “As we enter the multi-device era, ensuring the security of WhatsApp is the team’s biggest concern. “Really, this is the core of why the project took more than two years to complete. When both internal and external security reviews were agreed, we achieved this goal-it was an exciting time. “

The basic idea of ​​end-to-end encrypted communication is that data is unreadable at all times, except for the sender and receiver. This means that, for example, a message can only be decrypted and accessed on the phone you sent it and the phone of the person you sent it to. Mass messaging or calls make this a bit complicated, but as long as everyone uses the same device all the time, this is feasible.

However, you can see that if everyone suddenly owns three devices and wants to synchronize between them in real time, the service of tracking who is who becomes more complicated. If there is no complete end-to-end encryption, the central server can determine where to go by looking at the data. However, when you really want to stay locked, you need a special system to make it work.

As Facebook CEO Mark Zuckerberg Take it to Beta Information At the beginning of June, “it’s a huge technical challenge to get all your messages and content properly synchronized between devices.”

Making it all work involves two main components. One is that each device you use WhatsApp now has its own identity key, instead of every user having an identity key—in other words, the smartphone associated with the account. The WhatsApp server saves a family tree of all device identities on a person’s account; when someone sends a message to the account, the server will provide a complete list of keys so that the message can be sent to all the correct devices.

WhatsApp stated that it has carefully checked the system to ensure that criminals cannot add additional devices to your account and receive your messages. Users can check the list of devices linked to their account to make sure there are no lurkers, and they can also perform a “secure code” comparison with the person they are communicating with to make sure the two codes match. If something goes wrong and a user registers an additional device that has not been verified in their account, the codes will not match.

.

Leave a Reply

Your email address will not be published. Required fields are marked *