BACKGROUND:
Meta has announced plans to delay the global rollout of end-to-end encryption (E2EE) across its messaging applications to 2023. The company previously said it would have E2EE across all its products by 2022 at the earliest. Meta said it would be taking additional time to ensure the implementation across Facebook Messenger and Instagram is done correctly, protecting privacy while also mitigating the risk of online harms.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>E2EE is a technology that was designed to protect the content of a message from interception while in transit. It becomes a significantly more complex design if that communication involves multiple endpoints. </p>
<p>Typical consumer communication applications, however, do not encrypt between the “microphone” and the “network”, leaving a gap in the communication path for interception. For example, to provide transcription services, these applications also still leave E2EE communication vulnerable to unwanted interception. </p>
<p>With software vulnerabilities making devices open to exploit, it is important to ensure a device’s design is secured by default. The UK Government initiative known as Digital Security by Design (DSbD), delivered by UKRI, is working with the tech industry to block by design around 70% of these<strong> </strong>ongoing <wbr />vulnerabilities from exploitation. Making technology inherently more secure would help close this gap in E2EE and prevent attackers from intercepting communications through software vulnerabilities.</p>