Security of encrypted messaging apps (e.g., WhatsApp, Signal)

These apps encrypt data for transmission. But how common is it, really, to attempt to intercept data in motion? Even if the messages were in plain text, how commonly has that occurred? All the hacking I’ve ever heard of is either breaking into databases (data at rest) or hacking into a device (e.g., Pegasus). I would think it would be fairly easy to target an individual if you wanted to. You go right to the device and see everything in plain text.

You may have heard of something called the NSA running programs called PRISM and Upstream. You may have heard the name Snowden.

If not, here’s the short version:

Yes, the NSA did go right to the large Internet providers and basically said, “Send ALL your data traffic to us. But don’t tell anyone in any way about it.”

They later decided that it’s easier to just put wire taps on major fiber optic backbones.

You can probably imagine that the US might not be the only country with an agency like that.

Yeah, end-to-end encryption is most often (but not always) to protect against state agencies. It is also useful for when you don’t want the provider itself (e.g. WhatsApp/Meta) to be able to read your messages.

It’s also not uncommon for many devices these days to be encrypted themselves (Bitlocker on Windows, FileVault on Macs, various implementations on phones), and often using their own hardware encryption chips.

If you truly care about security, you would want all parts of the chain to be encrypted, with nobody except the two communicating people/devices able to decrypt it, and only while their devices are unlocked (after which it will re-encrypt). In practice very few people need strong security like that, but it’s also easy and cheap enough these days it’s more or less automatic.

An example of what happens when you don’t: In the 2010s, before Google made HTTPS the default, it was easy to hijack the Facebook sessions of anyone else on the same wifi: Firesheep - Wikipedia

The trick is to intercept the data in transit. As mentioned, those with access to the transmission - or the power to compel access - can and have intercepted transmissions. But then, most transmissions will be encrypted nowadays. I presume simple SMS text messages are not, but every other situation where you connect to a server (i.e. message transits through a server) the message is encrypted by default. Even email downloads are encrypted for most servers.

The next logical question is - how secure is that encryption? That’s something everyone would like to know, and the NSA would not like you to know. There are two problems - can encryption be broken in real time, and can it be eventually broken? Because, allegations are the NSA (and likely others) keep large data stores of relevant messages they hope to eventually decrypt. Mathematicians dealing in cryptography claim most ciphers are effectively impossible to decrypt, absent any significant flaw in the algorithm design (which happens sometimes).

However, at this time it seems the simpler solution is to tap the phone with a software hack - it requires less time tracking down the data path, and no need to install interception on the data, less need to filter gigabytes and Terabytes of data…

Well, we think so, at least. Nobody knows of a quick factorization algorithm, for instance, and everyone thinks that it’s impossible, but nobody’s ever actually proven it.

Oh, one more example that comes to mind… in the old days (like 2010s and before), it used to be common for some organizations like universities or companies to run stateful packet inspection firewalls that can look at unencrypted traffic and selectively filter or block it based on its content. (Sometimes those work on encrypted traffic too by analyzing its shapes and headers and destinations and such, even if it can’t see the content.)

Really anybody on the same network with a “promiscuous mode” network card can see everyone else’s unencrypted traffic and reconstruct it with a free tool like Wireshark. So in an org, all the other students/coworkers’ traffic would be visible to such a person, whether they were a sysadmin, a developer, or a malicious guest.

I think this is still generally true of networks today that don’t practice “client isolation” to keep clients apart. But it’s also much less important now because most transports (like HTTPS) and apps (like WhatsApp) are encrypted by default.

You can also use such tools to monitor the unencrypted traffic of local apps (like a competitor’s app you’re trying to reverse engineer, or a game you’re trying to cheat in). If the app itself does the encryption, then it’s more difficult… you have to find and rip out the private key from memory first, which is quite a bit harder than just running Wireshark.

My understanding of that program was that they were providing transaction metadata, not message content. That is, who is calling whom, from where to where, and when.

Much less nowadays, because almost everything is encrypted for transmission. Really though, it can be anyone trying to do the interception, from a state level actor (perhaps not even your state) who has infiltrated a major Internet interconnect point, to your techy friend whose WiFi you use at their house.

Probably the currently most dangerous interception happening nowadays is SMS. The old telecom protocols and systems are not even secure a little bit. This is why SMS as a second factor is considered poor (still much better than no second factor).

It’s also important to distinguish encrypted in transit (like HTTPS) and end-to-end encrypted, like Signal. End-to-end means that the unencrypted data only lives at the two end points. It is not readable anyplace in the middle. Encrypted in transit is like this website. This message was encrypted while transmitted to Discourse, and is encrypted while transmitted to you (the reader), but is also stored unencrypted at Discourse.
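The distinction drawn above between encrypted in transit and end-to-end encrypted, as an added example that is not part of the original thread: a relay server terminates the link encryption for each client, so what it can store depends on whether the payload was also encrypted end to end. The `seal`/`open_` functions are a toy HMAC-based stand-in for the real ciphers used by TLS or Signal, and the names `Relay`, `alice`, `bob` and the message are constructed for illustration.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (illustration only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, msg):
    nonce = secrets.token_bytes(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(msg))
    ct = bytes(a ^ b for a, b in zip(msg, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    ks = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class Relay:
    """Server in the middle; it holds one link key per client (the HTTPS analogue)."""
    def __init__(self, link_keys):
        self.link_keys = link_keys
        self.stored = []  # what the provider holds at rest

    def forward(self, sender, recipient, blob):
        body = open_(self.link_keys[sender], blob)  # link encryption ends here
        self.stored.append(body)                    # server sees whatever was inside
        return seal(self.link_keys[recipient], body)

def demo():
    links = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
    e2e_key = secrets.token_bytes(32)  # known to alice and bob only, never to the relay
    relay = Relay(links)
    msg = b"meet at noon"  # constructed sample message
    # Encrypted in transit only: the relay stores the plaintext.
    wire = relay.forward("alice", "bob", seal(links["alice"], msg))
    got_transit = open_(links["bob"], wire)
    # End to end inside the same transport: the relay stores only ciphertext.
    wire = relay.forward("alice", "bob", seal(links["alice"], seal(e2e_key, msg)))
    got_e2e = open_(e2e_key, open_(links["bob"], wire))
    return msg, got_transit, got_e2e, relay.stored
```
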

Sometimes it’s not about intercepting the message. Sometimes it’s about intercepting the messenger.

Stingray. Confirmed to be used by ICE to track people.

Which latter sentence really has two parts:

  1. I don’t want e.g. Meta to read my messages to feed their algorithms or train their AIs. Or satisfy the prurient curiosity of their bored IT workers.

  2. I don’t want e.g. Meta to be able to comply with a lawful (or increasingly unlawful) subpoena for my messages. If all they have is encrypted gibberish they can’t decrypt, I’m that much safer from overweening government. Maybe NSA can decrypt that stuff and maybe not. But if Meta has it in plain text, and hands it over when told, that sure makes government trawling efforts a lot easier.

This hasn’t really been a thing for Ethernet since we replaced hubs with switches. A switch only forwards packets to the port corresponding to the MAC address of the destination.

If you have control of a managed switch, you likely have the ability to set up a port as a mirror to capture the traffic sent to another port. This is why physical security of network infrastructure is important.

I’ve done financial software interfaces, similar to PayPal (I am a software developer) and wow, security can get complicated. I can’t talk about WhatsApp/Meta/etc, but I can certainly say multilevel encryption is currently next to impossible to beat today.

Even when quantum computers come on line… someone will generate an encryption scheme they cannot beat.

That said, I don’t know or care about Meta (all my Facebook accounts are fake names) and if your NSA wants to read my bitter WhatsApp messages to my ex-wife for their amusement, I wish them all the happiness I wish her.

I have seen people physically sniff everyone’s traffic off an Ethernet network, and it was not the NSA or Facebook spies doing it.

Who is “everyone”?

Very little traffic is not unicast. Unless you are looking for ARP traffic or DHCP requests, you really won’t see much without being attached to the source or target interface.

Post-quantum cryptography is already here and in use. There are active projects to add appropriate mechanisms to TLS (HTTPS, for encrypting web traffic), and they are available in some places.

Current versions of SSH will complain when the other end of the connection is not using quantum safe cryptography.

There are ways to turn switches into hubs by overflowing their arp tables, and other methods. Putting your packet logger on the router is a good way to capture Internet bound traffic.

In my experience of occasionally running a temporary network for about 150 users from all over the world, in 30 years we’ve gone from unencrypted POP3 logins being the norm, to now, when I don’t even bother to run a web caching proxy to improve performance. There is essentially zero http traffic to cache; it is all https.

I agree, either you use an exploit or you are authorized to access the router or switch and capture the traffic. The reality is that 99.9% of what you capture is going to be ARP, DHCP, DNS, and TLS encrypted traffic.

I’m like you, started in this game in the 90s. I remember setting up my first VPN over ISDN so we could pass internal email with Exchange 5.0 between our Toronto, Ottawa, and Sydney Australia offices. The days of setting up a caching proxy to limit the traffic to Yahoo News are long gone.

Yeah, I’m a nerd, I know how to use Wireshark.

Only to be replaced by the One Big Caching Proxy in the Sky, aka Cloudflare. Now everything is fast and secure, but when there’s a problem, half the world goes dark…

The first rule of Cloudflare is that no one talks about Cloudflare!