Insights For Success

Strategy, Innovation, Leadership and Security

Is WhatsApp security Good and trustworthy?

GeneralEdward Kiledjian

Quietly and with little fanfare, Whatsapp released an update to all of its products enabling end-to-end encryption for its 1B+ end users. Funny enough, most users aren't aware that their Instant Messaging tool of choice is now powered by the worlds most secure end-to-end encryption protocol : Signal. 

Can I consider WhatsApp secure?

A couple of weeks ago, OpenWhisper systems announced that its Signal secure protocol has been imbedded into Facebook's WhatsApp instant messaging application. The question I receive daily is "should I consider my Whatsapp communications protected now?"

Before signal there was OTR

Before using the Signal protocol, it looks like the WhatsApp team evaluated the OTR (off the record protocol). OTR provides encrypted point to Point communication but it requires a real time collaboration of the users (aka both have to be online to secure the transmission) which isn't practical for WhatsApp. So they went fishing for something else and stumbled upon Signal.

The Signal difference

Signal actually created an encryption model using the text messaging approach, where messaging is encrypted but it is asynchronous (both parties don't need to be online simultaneously for it to work).

Although text messaging is simple, the complexity of the encryption is model is high.

The protocol was called axolotl. The salamander it is named for has self healing capabilities and the axolotl protocol also has self healing properties.

To simplify it for mass consumption, the procotol was renamed the Signal protocol and now has open source libraries. Cryptogrsphers have been able to build fully function encryption programs comptible with the consummer Signal apps.

Now powering Whatsapp

The integration is now complete in the latest version of Whatsapp on all platforms.

Users running these versions now get full end to end encryption for every message they send and every Whatsapp call they make. All the benefits of the signal protocol are now built in.

We have confidentiality which means the communication is encrypted.

We have integrity which means message alterations will be detected and fail the verification transaction.

Authentication is possible (which is good) but you need to take extra steps to do so. Keep reading.

Participant consistency is also important but defaults to off (has to be enabled manually).

They also claim to have destination validation, which requires the above 2 to work, so technically it is available and built in.

They have forward secrecy which means a future compromise of a private key will not allow the decryption of past messages.

They have backward secrecy, which means a past compromise of a private key will not compromise future protected communications. Keys are constantly being changed and re-negotiated.

They have message unlinkability, which means messages are independent, asynchronous, can arrive independently or be missing, without affecting the fucntioning or efficiency of the entire system.

Message repudiation is also there, which means the sender can deny sending a message. This works because the receiver can forge a message that looks like it came from the other party. Which means none of the participants can claim (to a 3rd party) that a message originated from the other party with verifiability. All that can be claimed is that the sender or the recipient sent the messages. To most this seems bad but in the world of security, this is a good think.

Simple but complex

We all know Whatsapp is a simple to use product but the actual encryption is very complicated and therefore beyond the scope of this post.

As an example, they create static Diffie Hellman encryption keys. Then they create a set of ephemeral keys. Then they use a triple Diffie Hellman protocol to exchange their ephemeral keys and they use a Diffie Hellman key agreement 3 times to take their private key and the other person's ephemeral public key and create a key agreement.

The other user takes his private key and the other persons Diffie Hellman public key to create a second agreement. Then they take the ephemeral keys and use that with Diffie Hellman to get a third set of keys and they concatenate all of these together to create a master session key.

The ratchet

In an interactive protocol a ratchet is where you evolve a key that you agree upon as you send messages back and forth. You ratchet the key forward.

The problem is that this requires real time communications. The innovation here is that they developed an offline ratchet using a hash. Each time both parties are online at the same time, an online ratchet is performed and resynchronize the offline ratchet hash.

First sessions establishment

In real time communications you can create a shared key in realtime. But how do you do this is an asynchronous model with someone you have never messaged before?

To solve for this issue, when you register your Whatsapp client with the server, your client pre seeds the server with 100 ephemeral public keys and assigns an ID to each. This means someone wanting to send you a message for a new communication stream, picks up one of those keys in order to bootstrap a secure message.

They use this public key and place it back on the server until you are online. When you come online, that blob is sent back to you. Your client will never allow the re-use of that public key (by removing it from the pending ephemeral key list). This one time use prevents certain types of attacks.

Perfect encryption

Knowing that Moxie (from OpenWhisper systems) worked on it and reading all the documentation, it looks like they implemented a perfectly designed asynchronous encrypted messaging system.

The one caveat & other thing

The one major exception is that you cannot be sure who you are talking to (authentication).

Threema, my favourite truly perfect encrypted and private messaging system, solves this by only guaranteeing authentication when you physically scan the QR code of the other participant's public key.

To solve this, Whatsapp provide a (per communication thread) QR code or 60 decimal digit user verification code. This code contains both parties encryption keys.

So the problem is you need to perform this verification at least once per conversation thread. This guarantees there is no middleman. Where you can't visually exchange codes, you can read the 60 digit code to each other. If the codes are different, it means there is a man in the middle.

For some reason if the codes change, you are not automatically notified. But under account security, you can enable this notification.

Go to Settings, then Account, then Security, and ensble the switch

Everyone needs to turn this on (participant consistency). The only time a code should should change during a conversation is if the other party installs the app on a new device (or a reset device), in which case you will already likely know and can disregard the alert.

I also want to remind readers that although the messages themselves are encrypted, there is still metadata. There is no technological way to communicate without leaving a trail of metadata today. Metadata is data about your data : such as who you communicate with, how often and how much data you exchange with each other.

Whatsapp is not open source

Many security researchers dislike closed source security applications because there is no way to independently validate the implantation (aka. Know for sure that no one has implemented a back-door or injected malicious code.)

Technology is only as good as its implementation and although the encryption math is perfect, applications rarely are. At some point we have to put our crazy hats down and trust that companies are tying to do the right thing for their users.

Conclusion

Facebook has done a very good job and with the flip of a switch, they have gifted 1B people with easy to use and powerful encryption. I still love Threema because it has better authentication but the truth is none of my contacts use it.

I am excited that more people will be brought into the wonderful world of encryption and have their discussions protected.

Major shift in loyalty incentives needed for programs to survive

GeneralEdward Kiledjian

Users have a love or hate relationship with loyalty programs. You either love them, because they deliver amazing value, or hate them because you think they’re a worthless scam.

A 2014 McKinsey report showed that companies with loyalty programs (55 publicly traded North American & European companies were surveyed) had the same or less growth than those that had no loyalty programs : 4.4 vs 5.5% per year since 2012. Companies with strong visible loyalty programs seemed to also have EDITDA margins 10% less than companies without loyalty programs in the same sector.

On the flip side, companies with strong and vibrant loyalty programs seemed to have better market capitalization. In fact over a 5 year period, companies with loyalty programs outpaced those without. This may stem from the hope that these loyalty programs will help those organizations drive long-term growth.

The future of loyalty is upon us

No the future of loyalty points isn’t bitcoin, but rather the technology that allows bitcoin to work: the blockchain.

The easiest way to think about these 2 parts is that the blockchain is the operating system and bitcoin is simply one application running on that operating system.

What is the blockchain?

The blockchain is a public ledger that records every legitimate transaction permanently. Once recorded, the record cannot be altered, deleted or changed. Blockchain uses a distributed consensus model, which means no one person, government, group or organization can force changes onto it.

The blockchain is what allows complete strangers who have never met and will probably never meet to conduct a trust-based exchange completely transparently without having to trust each other and without having to go through a central trusted third party (government, bank, notary, lawyer, etc.)

The other characteristic of the blockchain is that it can enable trust-based transaction while maintaining total privacy and anonymity. It can but it doesn’t have to. It all comes down to how it is used.

The blockchain is moving beyond Bitcoin

Until recently, no conversation about the blockchain was possible without talking about bitcoin. People often confused one for the other, but this is changing. Large financial companies are evaluating use of the blockchain to simplify cross-border transactions while improving trust and reducing costs.

If someone is able to marry absolute verified identity to blockchain technology then we could even see very old school lawyer based (expensive) processes move to this medium and become much cheaper and digitally fast (think of marriage, voting, buying/selling of property, etc.).

I believe that in the next 5-10 years the blockchain will become the holder of digital truth, it will completely change many traditional business processes and will provide a level of digital truth that is unmatched even in the real world.

What does bitccoin have to do with loyalty?

Gift cards moving to blockchain because of fraud

The National Retail Foundation says that gift cards have been the number one requested gift for 8 years in a row. CEB TowerGroup say 125 billion dollars have been loaded onto gift cards in 2014.

Like all items of great value, there are bad people out to steal and the industry is constantly challenged with fraud. Until the recipient uses the card, anyone in the chain can steal money from it by copying the unique identification number (processor, distributor, retailer, giver).

How bad is fraud? the National Retail Foundation says 78% of retailers have been victims of gift card fraud.

Benefits of the blockchain for gift cards

Using blockchain technology could eliminate gift card fraud or theft. Each transaction is given a unique identifier, which means someone can’t use the incoming gift card identifier to spend the money. It also means the receiver can verify that the transaction is authentic and that no one else has used the received gift card, since everything is recorded in the blockchain. Once the blockchain powered gift card is stored in a digital wallet, the only person that can spend it is the true owner of the wallet since all transactions are protected by an owner-known private key. The blockchain would prevent “double spending” of a card so a fraudulent bad actor can’t sell a used gift card to an unsuspecting victim.

What’s the motivator for brands and companies

In addition to helping curb fraud, it is also much cheaper to perform a blockchain based transaction (typically about 1 penny). This includes the full life cycle of a transaction from issues, transfer to use. Compare this to most modern plastic card-based systems that cost about $1.50 per transaction.

Blockchain gift cards and the user experience

The technology may be advanced and the protection fantastic but the experience can be simple. Companies have started using bitcoin and blockchain in the back end to improve security while being completely transparent to the end users. The user receives a card and uses it as normal.

Back to Loyalty Programs

If I have airline miles, but would rather trade them for coffee loyalty points, I have to go through one of the traditional trading platforms. These platforms have preset transfer amounts and take a huge cut of the transaction.

In a world where loyalty points are digitally held in a blockchain backed system, I see the rise of highly competitive, open and transparent marketplaces where customers could trade or sell these loyalty points using an open market (supply and demand) system.

The traditional loyalty points systems will be converted to merchant issued currencies. Instead of issuing Aeroplan miles for every mile flown, Air Canada could issue Air Canada cryptocurrency that a traveller could then use to buy upgrades, tickets, amenities, on board goodies, etc. Once we move to this model, these different branded cryptocurrencies could be traded like any other currency. I could trade Tim Hortons cryptocurrency for Air Canada cryptocurrency at a fair market rate.

Trading the branded cryptocurrencies

Trading various branded cryptocurrencies in a fair, open and transparent market means everyone will see the real time value of the branded cryptocurrencies they hold.

It could be used as a market measurement of trust in a company. If the market believes that XYZ airline may go under, then its branded cryptocurrency may be severely discounted, whereas a trusted brand’s cryptocurrency may be much more expensive and used as the “gold standard” for value measurement.

Instead of wasting money on expensive consultants to conduct brand valuation, companies could look at the fair market trading value of their cryptocurrency. The company can then use this as a means of measuring its marketing or PR investments.

How it benefits the customer

Branded cryptocurrencies become a fraud-resistant, immediately tradable commodity. This means I can sell the thing I don’t want and get more of what I want immediately.

In the traditional loyalty model, I conduct a transaction with a merchant (e.g. Fly on Air Canada) but only receive my loyalty rewards in the future (could be days, weeks or months later). In the branded cryptocurrency world, I would receive my “points” immediately when I check into my flight at the gate and can then use this currency to buy goodies on the flight. If I stay in a hotel, I could use their cryptocurrency immediately in the hotel restaurant. This means customers are incentivized to use points faster then and there. It’s better for the customer. It’s better for the merchant. It’s better for the brand.

Financial benefits to companies issuing branded cryptocurrrencies

When a loyalty point is issued, it becomes a liability on the books for that company. Some new entrants are claiming that branded cryptocurrency may change this.

The founders of Ribbit.me claim that if a company issues branded cryptocurrency on the blockchain using an algorithm, it creates an asset for the receiver without a countervailing liability for the issuer because the liability lies with the blockchain itself. If this turns out to be true (and only time will tell if governments will approve this), then companies will be able to take millions of dollars of liabilities off their books.

Conclusion

I believe the market will force companies to adopt this new model, and it will be a significant shift for many.

Ultimately it will democratize the world of loyalty programs and be better for every participant involved.

  • It will improve trust
  • Completely get rid of fraud
  • Drive down transaction costs
  • Force companies to be responsive
  • Create a fair trading open and transparent marketplace that would allow customers to have more of what they want and divest from things they don’t

How to secure Windows 10

GeneralEdward Kiledjian

The first misconception I want to tackle is that Windows 10 is magically more secure than Windows 7/8.1. The reality is that it isn't, but it benefits for 15 years of continued hardening and security improvements to the Windows core itself.

Having said it isn't materially more secure doesn't mean it's not better. Windows 10 includes some tools to make computing safer for the average user. 

Windows Defender is included with every updated system and is Microsoft’s built in anti-malware tool. It is an all-in-one-security tool delivered for free to all licensed Windows 10 users and the best part is that everything is automatically taken care of in the back end for you. It is automatically updated and performs scans automatically. 

For most users, this is the only anti-malware product they will need. This means most users won’t have to buy a security suite from Symantec, McAfee, ESET, Kaspersky, etc. I do recommend installing a second anti-malware product configured to run only on demand (not real time). This second product is a way of getting a second opinion if something feels weird or as a monthly preventative maintenance strategy. I recommend using a free tool such as Malwarebytes free.

Automagically downloading and installing product updates for you. One of the most critical privacy and security improvements you can make is to ensure your computer is always patched and up to date. With Windows 10, Microsoft will push out OS (and Microsoft product) updates automatically. This means you never have to worry about your OS patches again. Just make sure the other apps on your PC are updated regularly. 

Choosing a secure browser is the second recommendation. My primary browser of choice is Google's Chrome because it is fast and includes many security features (such as auto-updating, sandboxing, etc). Once it is installed, go out and add a plug-in called UBlock Origin (exists for Chrome and Firefox). Ublock origin is a web firewall whose purpose in life is to keep you safe (plus it is an ad blocker so the web becomes faster and more responsive),

Backup your system regularly. I cannot over state how important it is to backup your critical information. Computers will crash. Hard drives will die. Make sure you have a plan B,C and D. Read my article about backups. The TL;DR version is that all data should follow the 3:2:1 rule:

  • 3 copies of your data
  • on 2 separate mediums 
  • at least 1 offsite copy

So for a home user, this could look like: Keep your data on your computer's hard disk, copy it to an external hard disk and use an external backup service like BackBlaze (use this link to get 1 free month to test out the service with no obligation.). You have 3 copies of your data (PC, hard disk and remote service), in 2 separate mediums (disk/ssd plus internet) and at least 1 offsite.

Use a regular user account. Most malware needs an elevate privilege account to run, install and or propagate. This means you should ensure the account you use for everyday work isn't a privileged account (aka not an admin account). 

Password protect your accounts. Some home users gave one generic family account that can be accessed without a password. This means that any one user can infect the system and then affect everyone else. Always create separate (non privileged) accounts for each user and make sure they each have a password to login.  

Use a trusted VPN when connecting to third party WIFI hotspots. It is easy to track and steal information from users connecting to open (or public) WIFI hotspots. The minute you connect to one, make sure you use a trusted VPN service to make sure no one on the local WIFI network can trick you, spoof a site or otherwise do nasty things to your connection. After reviewing the various VPN services available, I personally use ProXPN because of their no logging policy. I use this on my laptops, smartphones and tablets anytime I connect to a WIFI network I don't own and control.

Use good internet hygiene. Be smart to stay safe. Unless there is an absolute need and you are expecting it, don't execute attachments received via email or instant messaging. Never access a protected website (bank, trading account, etc) through an email link. Always enter the URL yourself in the browser. Don't download applications from unknown/untrusted sources (or use pirated software). These often contain malware just waiting to infect your system. Never give a third-party remote access to your computer (even if they claim to be from Microsoft, Dell, Hp, Apple, etc). 

Is Windows 10 spying on me?

This is a question I receive a lot and the answer is maybe a little bit. The reality is that Windows 10 is a connected operating system and it must send some information back to it's home-base, but Microsoft is not spying on you!

Does Windows 10 contain a Keylogger?

Blogs are abuzz with claims that Windows 10 has a built in keylogger sending everything you type back to Microsoft. Worst yet, some blogs have gone as far as claiming this was done to help the NSA.

The reality is that it does not have a keylogger but does log some keystrokes that it sends back to Microsoft. This is done to improve it's autocorrection functionality. This is similar to how most web based SAAS services work. If you use any Google services, they do the same thing.

Windows 10 has simple privacy settings

Go to Privacy Settings and you will find a dozen different privacy options you can toggle to your hearts content.

You can turn off settings like Microsoft's unique Advertising ID (think of it like a supercookie). The truth is you can turn this off, but any advertiser worth their salt will still track you using your unique browser footprint and any one of the other dozens of web tracking techniques. 

If you want to see one of these techniques in action, visit the Panopticlick website created by the Electronic Frontier Foundation.

One setting you may want to change is in the Feedback & Diagnostics tab.

Change the feedback request frequency to Never and the Send your data to Basic.

Other trick is to "not use the Edge Browser". It doesn't yet support plug-ins (no ad blockers, etc). 

You can also log into this Bing website and delete all of the information Cortana has learned about you. This will lobotomize Cortana but if you want more privacy go ahead and delete it, 

We are living in a connected world

Living in a connected world means we are leaving digital breadcrumbs everywhere. Advertisers know more about you than your mother.

How Target knows you are pregnant through data analytics

Most people don't realize that every smartphone picture they have taken (iPhone, Android, or Windows Phone) contains the exact GPS location where it was taken. 

Manufacturers are fighting (Microsoft, Apple and Google) to build the next best intelligent personal assistant. But to do this, they must analyze your data to provide context aware relevant information you need before you realize you need it. Microsoft and Google perform this analysis in the cloud, which is why they typically provide more relevant responses. Apple, the self stated privacy company,  parses your data for its Proactive Siri functions on the phone and to be honest, it is pretty worthless.

So you have a choice, use these new wonderful tools or become a digital hermit. I do believe we must take educated intelligent decisions about our privacy, but we have to give some of it up, in order to benefit from the wealth of advantages these companies are providing.