You may have thought twice about the security of messages sent over WhatsApp, or about using an app for online banking. After all, once you press ‘send’ or ‘transfer’, your data is in cyberspace, where theoretically anything could happen to it. Luckily, you need not worry. WhatsApp and major banking apps prevent unauthorised access to your data by ‘scrambling’ the information sent from one person to another into a lengthy code, making it unreadable to anybody else attempting to access it.
This process is called encryption, and without it, everything from your weekend plans to your bank account would be easily accessible by hackers.
How it works
When data is encrypted, the sender and the receiver are the only people who can decrypt the scrambled information. This is because of ‘keys’, which allow only the users involved to make the data unreadable and then readable again.
On WhatsApp, for example, every message sent has its own unique lock and key, and only the sender and receiver have access to these keys. This prevents other people (including WhatsApp itself) from seeing the information, as the relayed information is unreadable gibberish. This is referred to as ‘end-to-end encryption’.
Not all encryption is equally effective
When implemented properly, encrypted data could take a hacker billions of years to crack using sheer brute force. This is because encryption uses complex mathematical algorithms and long numerical sequences that are difficult to decrypt. (A brute force attack is a method in which a hacker tries combinations of passwords or encryption keys, one after another, until the correct one is found. It is usually carried out using software to scan through the combinations.)
There are different types of encryption, however, each with varying levels of effectiveness, as measured in “bits”. The more bits an encryption key has, the harder it is for a hacker to crack. A low-bit key is one with fewer combinations, so it would be fairly easy to crack for a hacker with dedicated computer resources. The larger the key, the harder this becomes, exponentially. For example, a 5-bit key has 32 possible combinations, a 6-bit key has 64 combinations, a 7-bit key has 128 combinations, and so forth. A 10-bit key has a thousand combinations, a 20-bit key has a million combinations, a 30-bit key has a billion combinations.
Considering most Android, Apple and Windows apps use at least 128-bit Advanced Encryption Standard (AES) encryption, which has more than 300,000,000,000,000,000,000,000,000,000,000,000 key combinations, you can expect them to be exceptionally safe. The same goes for 192-bit or 256-bit AES encryption keys, which many governments use for sensitive data. For example, it would take fifty supercomputers an estimated 3.4 x 10^38 years to break a 256-bit encryption key.
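To make the doubling concrete, the following added example (not part of the original article) counts how many guesses an exhaustive key search needs against a deliberately weak toy cipher at small key sizes, then extrapolates the search time for larger keys. The toy cipher, the sample message and the rate of one trillion guesses per second are assumptions chosen for illustration only.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(bits):
    """Number of distinct keys for a key that is `bits` long."""
    return 2 ** bits

def toy_cipher(key, bits, data):
    """Toy cipher for illustration only (NOT secure): XOR the data with a
    SHA-256 keystream derived from an n-bit key. XOR is its own inverse,
    so the same function encrypts and decrypts (data must be <= 32 bytes)."""
    stream = hashlib.sha256(f"{bits}:{key}".encode()).digest()
    return bytes(b ^ s for b, s in zip(data, stream))

def exhaustive_search(ciphertext, bits, known_plaintext):
    """Try every key in order; return (key_found, number_of_trials)."""
    for trials, key in enumerate(range(keyspace(bits)), start=1):
        if toy_cipher(key, bits, ciphertext) == known_plaintext:
            return key, trials
    return None, keyspace(bits)

def worst_case_trials(bits, message=b"weekend plans"):
    """Encrypt a constructed message under the last key in the key space
    and count how many guesses the search needs to reach it."""
    last_key = keyspace(bits) - 1
    ciphertext = toy_cipher(last_key, bits, message)
    _, trials = exhaustive_search(ciphertext, bits, message)
    return trials

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every key of the given length at a fixed guess rate."""
    return keyspace(bits) / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Measured: each extra bit doubles the work of the search.
    for bits in (5, 6, 7, 10, 16):
        print(f"{bits:>3}-bit key: {keyspace(bits):>6} keys, "
              f"worst case {worst_case_trials(bits)} guesses")
    # Extrapolated: assumed rate, far too slow to matter at AES key sizes.
    rate = 1e12  # assumption: one trillion guesses per second
    for bits in (64, 128, 256):
        print(f"{bits:>3}-bit key: about {years_to_exhaust(bits, rate):.1e} "
              f"years to try every key")
```

The measured rows only go up to 16 bits because the search time doubles with every added bit; the larger rows are computed, not searched.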
But as BTA’s IT consultants often see, it isn’t the lack of encryption, or weakness of encryption, that leads to a security breach. It is human error. The app’s security is often only as good as the security of the device it is on. Banking apps will automatically log you out of the app fairly quickly. But even with a 1-2 minute window, it is possible that someone could access your account if you mistakenly leave your phone on a café counter, for example. Many messaging apps don’t require you to log in at all, but just remain accessible by tapping the app icon on your phone. Encryption is of no use then, no matter how many bits, or how well tested.
Free consultations from the business IT experts
If you are interested in protecting yourself and your business, BTA will do a comprehensive security consultation of your business’s IT infrastructure, software and practices, as well as a seminar on cyber security for your employees to reduce the chances of human error putting your organisation at risk. BTA is a leading managed services provider based in Wandsworth, London, offering the full spectrum of IT services including disaster recovery, cloud solutions, IT help desk support and network design & implementation.
For more information, call 020 8875 7676 or email firstname.lastname@example.org.