The British Army and senior government ministers have outright banned WhatsApp use over fears that Russia is hacking the messaging platform to acquire sensitive information. Secure alternatives are needed, fast.
Please find expert comment below from Matthew Hodgson, CEO at Element, a secure, decentralised messaging app, favoured by governments and secret services worldwide. The app is rapidly gaining traction, with millions of new downloads since the Russian invasion of Ukraine.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The army, indeed any part of government, shouldn’t be using WhatsApp. While it’s end-to-end encrypted, it’s owned by Meta – the world’s largest data mining company.
WhatsApp is a vendor-hosted, centralised consumer-grade app. That means sensitive army discussions are on Meta-owned servers, leaving the army with no control over how its data is stored, managed or accessed. And, of course, WhatsApp reveals the user’s telephone number as well as their whole address book.
The likes of Signal and Telegram are just as centralised as WhatsApp, and therefore just as vulnerable. A malicious third party has only one place to attack in order to steal valuable data from a centralised app as everyone has put their eggs in a single basket, whereas a decentralised system with end-to-end encryption is far harder to attack – as each organisation can protect their data on their own terms, in their own geography, in their own way.
This is why we’re seeing rapid adoption of secure decentralised communication solutions such as Matrix amongst government organisations and users alike, giving people the confidence to communicate using a trusted provider of their own choosing rather than being held hostage by a massive single entity like Facebook, who may choose to undermine their security at any point, for any reason – deliberately or otherwise.