Bloomberg ridiculed en masse for end-to-end encryption article

An opinion article on business website Bloomberg is being ridiculed after its author made some very questionable and potentially dangerous conclusions about end-to-end encryption based on the recent WhatsApp security flaw that allowed a group of hackers to install spyware onto a user’s phone and read their WhatsApp messages.

A quick recap and summary –

WhatsApp recently patched a security flaw that could allow intruders to install spyware on a device just by calling the device with WhatsApp. That spyware could read WhatsApp messages on that device. It turned out that the flaw was being exploited by a professional hacking group called NSO Group that is famous for selling spyware to governments.

WhatsApp uses end-to-end encryption, which means messages are encrypted on the sender's device and decrypted only on the recipient's device, so they cannot be intercepted and read while in transit. End-to-end encryption is seen as an important feature that greatly boosts the privacy of an end user.

Of course, despite WhatsApp using end-to-end encryption, cyber intruders did manage to find a way of reading WhatsApp messages on a user’s phone. That is because they didn’t try to intercept the messages in transit. Instead, they focused on finding a security flaw in the WhatsApp app itself in order to install spyware.

Shortly after, an opinion piece on Bloomberg ran with the headline “WhatsApp’s hack shows end-to-end encryption is largely pointless”. Naturally, the rest of the article continued to essentially reinforce that precise point.

Now… that headline is simply incorrect, and demonstrates a lack of authority on and understanding of information security. It is akin to pointing out that locking your doors and windows at night is “largely pointless” because someone could simply hire a monster truck and drive through your kitchen wall.

To be clear, end-to-end encryption technology does not make it impossible for intruders to read your messages (and no one says that it does). However, it does make it much, much harder for them to do so. That’s because it makes it near impossible to intercept messages in transit (between sender and recipient) and read them, because they’re encrypted. Encrypted well. That type of interception-based snooping is a popular (and often easier) method of spying on someone, and with end-to-end encryption, it’s a spying technique that is all but taken off the table.

There are other ways of spying, and the WhatsApp security flaw, a zero-day vulnerability that could allow spyware to be installed on a victim’s device (and subsequently read their WhatsApp messages), is one such method.

However, with apps like WhatsApp, with their dedicated security teams, this is no easy feat, and it took a professional, well-funded organisation to do it.

And none of this demonstrates how “pointless” end-to-end encryption is. End-to-end encryption is one of the best and most effective ways to keep your privacy safe. To say that it is rendered pointless simply because of the existence of other potential (and more difficult) methods of attack demonstrates a clear misunderstanding of fundamental cyber-security principles. For most users – unless they’re the target of a state-sponsored attack – end-to-end encryption is perhaps one of the best privacy roads to take.

To claim that the WhatsApp hack renders end-to-end encryption pointless is in itself a rather pointless accusation to make.

The author of the Bloomberg article – Leonid Bershidsky – has since stated that the article has been clarified and the headline has been changed to “End-to-End encryption isn’t as safe as you think”. However, again, that’s just like saying “locking your doors and windows at night isn’t as safe as you think”. Perhaps it doesn’t provide a full solution, but it shouldn’t exactly be disparaged.

Published by
Craig Haley