Mobile and cloud users are often unaware of the risks

June 22, 2018

EXECUTIVE SUMMARY:

Federal investigators have been able to access the encrypted messages of former Trump associates who are suspected of foul play. The Washington Post reports that FBI agents were able to easily access encrypted messages from third-party messaging apps such as WhatsApp and Signal on Michael Cohen’s various devices.

This news comes after an earlier report this month that FBI investigators were able to do the exact same thing to find evidence on Paul Manafort. Manafort’s messages were also found on encrypted apps, namely WhatsApp and Telegram – an app which researchers discovered was being exploited for criminal activity, standing in place for dark-web forums.

Why is it so easy for investigators to get through the encryption? Mainly because users aren’t utilizing the tool correctly. As Johns Hopkins University cryptography professor Matt Green told The Post, “The thing that these apps aren’t designed to do is to protect your messages from the endpoints themselves.”

Sure, end-to-end encryption might protect messages from being intercepted or viewed in transit. This protection is useless, however, if the messages remain stored on the sending or receiving device, which could easily be seized with a court order. The same is true of messages which are backed up to cloud storage of any kind. Yet another reason why security in the cloud cannot just be assumed — and that’s true whether you’re a completely innocent, regular user or someone under investigation by the FBI.

Manafort had stored several of his WhatsApp messages in his personal iCloud due to a default function that backs up messages automatically. Investigators used this cloud backup to confirm the sender ID of messages that had been willingly turned over to the authorities by the recipients of said messages, making him a cloud mobile target.

With cloud storage, it is important to remember that responsibility for cybersecurity is shared between storage provider and user. Assumed security can leave users—guilty or innocent—exposed to vulnerabilities, including both good and bad hackers.

Protection of sensitive communications with mobile devices, especially, cannot be taken for granted. The notoriety of President Trump’s refusal to use secured cell phones, for example, is far reaching. According to Buzzfeed News, Fox News insisted that Sean Hannity use a burner phone while visiting Singapore because the network feared that Chinese cybercriminals would try to hack Hannity’s phone to access his communications with the President.

Ultimately, emerging technologies and apps present lessons to be learned. As the aforementioned Matt Green tweeted: “How many of the encrypted app conversations on Michael Cohen’s phone start with ‘don’t worry, this is encrypted!’”

Get the full story at The Washington Post.