BBM, Whatsapp, and Why You Should Switch
We have all followed BlackBerry for weeks trying to predict what the once tech-giant would do in its seemingly last steps in the business. Companies revered BlackBerry Service as a ‘perk’ rather than a mere communication tool. It nurtured a great loyalty that eventually BlackBerry couldn’t cash in, and look where it is now.
History is proof to the importance of the BlackBerry Service and how well it served its clients. The security and reliability is the life of the company and its last bet seems to be heading in this direction by having 25,000 of its enterprise servers deployed to manage secure networks for corporate smartphones, up from 19,000 in July.
For the common individual, this may seem unimportant. What concerns us comes in the shadow of recent news of NSA surveillance of millions of individuals across a span of years, ranging from text messages, emails, phone calls. We would understand the potential danger of spying on German Chancellor Angela Merkel, but us regular people would make not much of a difference in global politics.
Still, the fact remains that the spread of such techniques and its massive spread across nations and organizations force us to consider that surveillance is not confined to governments, but organizations, movements, and whomever with curiosity and political backing.
Whatsapp is a service that encompasses millions of daily active users spanning across globe. Despite its widespread access, the company has become notorious to being slow in rolling out new features, improvements, and so forth. According to my good friend and security expert, @Vipwoody, this is his take on Whatsapp and BBM:
Encryption methods behind Whatsapp are very weak that you should assume that anyone who is able to eavesdrop on your Whatsapp connection is capable of decrypting your messages, giving enough effort.
You should consider all your previous Whatsapp conversations compromised. There is nothing a Whatsapp user can do about this but except to stop using it until the developers can update it (if they ever do so.)
A couple of points regarding encryption mechanisms:
1. Whatsapp uses custom SASL WAUTH-1 mechanism to authenticate your phone number. Generates key using PBKDF2, same encryption used both ways.
2. With some sort of effort, anyone can decrypt your Whatsapp conversations. You should consider all previous conversations as compromised.
3. BBM uses TLS (Transport Layer Security), a very well researched and well known protocol. Same technology used for Internet Banking.
4. BBM always uses standard TLS deployment to remove vulnerability from their service.
I would suggest that you use BBM instead of Whatsapp if you are exchanging sensitive information in your organization or for your own privacy concerns.
I would suggest following his advice when passwords and pin codes are in the conversation. In the end, you don’t want your neighbor or some rogue hacker to enjoy feeding off your recklessness.
Image Credits: Augustman.com