encryption – Kaspersky official blog
https://www.kaspersky.com/blog

Apple has released a new way to protect instant messaging in iMessage | Kaspersky official blog
https://www.kaspersky.com/blog/apple-pq3-quantum-secure-messaging/50692/
Fri, 23 Feb 2024 07:42:09 +0000

The widespread use of quantum computers in the near future may allow hackers to decrypt messages that were encrypted with classical cryptography methods at astonishing speed. Apple has proposed a solution to this potential problem: after the next update of their OSes, conversations in iMessage will be protected by a new post-quantum cryptographic protocol called PQ3. This technology changes the public-key algorithms used for end-to-end encryption so that they still run on classical, non-quantum computers but protect against potential attacks that use future quantum computers.

Today we’ll go over how this new encryption protocol works, and why it’s needed.

How PQ3 works

All popular instant messaging applications and services today implement standard asymmetric encryption methods using a public and private key pair. The public key is used to encrypt sent messages and can be transmitted over insecure channels. The private key is most commonly used to create symmetric session keys that are then used to encrypt messages.

This level of security is sufficient for now, but Apple is playing it safe – fearing that hackers may be preparing for quantum computers ahead of time. Due to the low cost of data storage, attackers can collect huge amounts of encrypted data and store it until it can be decrypted using quantum computers.

To prevent this, Apple has developed a new cryptographic protection protocol called PQ3. The key exchange is now protected with an additional post-quantum component. It also minimizes the number of messages that could potentially be decrypted.

Types of cryptography used in messengers.

The PQ3 protocol will be available in iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. The transition to the new protocol will be gradual: firstly, all user conversations on PQ3-enabled devices will be automatically switched to this protocol; then, later in 2024, Apple plans to completely replace the previously used protocol of end-to-end encryption.

Generally, credit is due to Apple for this imminent security boost; however, the company isn’t the first to provide post-quantum cybersecurity of instant messaging services and applications. In the fall of 2023, Signal’s developers added support for a similar protocol – PQXDH, which provides post-quantum instant messaging security for users of updated versions of Signal when creating new secure chats.

How the advent of PQ3 will affect the security of Apple users

In essence, Apple is adding a post-quantum component to iMessage’s overall message encryption scheme. In fact, PQ3 will only be one element in its security approach along with traditional ECDSA asymmetric encryption.

However, relying solely on post-quantum protection technologies isn’t advised. Igor Kuznetsov, Director of Kaspersky’s Global Research and Analysis Team (GReAT), commented on Apple’s innovations as follows:

“Since PQ3 still relies on traditional signature algorithms for message authentication, a man-in-the-middle attacker with a powerful quantum computer (yet to be created) may still have a chance of hacking it.

Does it offer protection against adversaries capable of compromising the device or unlocking it? No, PQ3 only protects the transport layer. Once a message is delivered to an iDevice, there’s no difference – it can be read from the screen, extracted by law enforcement after unlocking the phone, or exfiltrated by advanced attackers using Pegasus, TriangleDB or similar software.”

Thus, those concerned about the protection of their data should not rely only on modern post-quantum cryptographic protocols. It’s important to ensure full protection of your device to make sure third parties can’t reach your instant messages.

KeyTrap attack can take out a DNS server | Kaspersky official blog
https://www.kaspersky.com/blog/keytrap-dnssec-vulnerability-dos-attack/50594/
Mon, 19 Feb 2024 09:23:52 +0000

A group of researchers representing several German universities and institutes have discovered a vulnerability in DNSSEC, a set of extensions to the DNS protocol designed to improve its security, and primarily to counter DNS spoofing.

An attack they dubbed KeyTrap, which exploits the vulnerability, can disable a DNS server by sending it a single malicious data packet. Read on to find out more about this attack.

How KeyTrap works and what makes it dangerous

The DNSSEC vulnerability has only recently become public knowledge, but it was discovered back in December 2023 and registered as CVE-2023-50387. It was assigned a CVSS 3.1 score of 7.5, and a severity rating of “High”. Complete information about the vulnerability and the attack associated with it is yet to be published.

Here’s how KeyTrap works. The malicious actor sets up a nameserver that responds to requests from caching DNS servers – that is, those which serve client requests directly – with a malicious packet. Next, the attacker has the caching server request a DNS record from their malicious nameserver. The record sent in response is a cryptographically signed malicious one. The way the signature is crafted causes the attacked DNS server, while trying to verify it, to run at full CPU capacity for a long period of time.

According to the researchers, a single such malicious packet can freeze the DNS server for anywhere from 170 seconds to 16 hours – depending on the software it runs on. The KeyTrap attack can not only deny access to web content to all clients using the targeted DNS server, but also disrupt various infrastructural services such as spam protection, digital certificate management (PKI), and secure cross-domain routing (RPKI).

The researchers refer to KeyTrap as “the worst attack on DNS ever discovered”. Interestingly enough, the flaws in the signature validation logic making KeyTrap possible were discovered in one of the earliest versions of the DNSSEC specification, published as far back as… 1999. In other words, the vulnerability is about to turn 25!

CVE-2023-50387 has been present in the DNSSEC specification since 1999

The origins of KeyTrap can be traced back to RFC-2035, the DNSSEC specification published in 1999

Fending off KeyTrap

The researchers have alerted all DNS server software developers and major public DNS providers. Updates and security advisories to fix CVE-2023-50387 are now available for PowerDNS, NLnet Labs Unbound, and Internet Systems Consortium BIND9. If you are an administrator of a DNS server, it’s high time to install the updates.

Bear in mind, though, that the DNSSEC logic issues that have made KeyTrap possible are fundamental in nature and not easily fixed. Patches released by DNS software developers can only go some way toward solving the problem, as the vulnerability is part of the standard rather than of specific implementations. “If we launch [KeyTrap] against a patched resolver, we still get 100 percent CPU usage but it can still respond,” said one of the researchers.

Practical exploitation of the flaw remains a possibility, with the potential result being unpredictable resolver failures. In case this happens, corporate network administrators would do well to prepare a list of backup DNS servers in advance so they can switch as needed to keep the network functioning normally and let users browse the web resources they need unimpeded.
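A resolver health probe for the backup-list advice above, as an added example (not from the original post or from any DNS vendor): it sends an ordinary A query to each resolver on a list and prefers the first one that answers quickly, falling back to one that answers slowly. The resolver addresses (documentation ranges), the probe name example.com and the one-second "degraded" threshold are assumptions.

```python
"""Resolver health probe with failover order (added example, not vendor code)."""
import os
import socket
import struct
import time

SLOW_SECONDS = 1.0       # assumption: slower replies mark a resolver as degraded
USABLE_RCODES = (0, 3)   # NOERROR and NXDOMAIN both show the resolver is answering


def build_query(qname, qtype=1):
    """Return (query_id, packet) for a recursive query; qtype 1 is an A record."""
    query_id = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(
        bytes([len(part)]) + part
        for part in qname.rstrip(".").encode("ascii").split(b".")
    )
    return query_id, header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def classify(query_id, reply, elapsed):
    """Map one probe result to 'healthy', 'degraded' or 'failed'."""
    if reply is None or len(reply) < 12:
        return "failed"                      # timeout or incomplete header
    reply_id, flags = struct.unpack("!HH", reply[:4])
    if reply_id != query_id or not (flags & 0x8000):
        return "failed"                      # not a response to our query
    if (flags & 0x000F) not in USABLE_RCODES:
        return "failed"                      # SERVFAIL, REFUSED and similar
    # A busy resolver that still answers, only slowly, is kept as a last resort.
    return "degraded" if elapsed > SLOW_SECONDS else "healthy"


def probe(address, qname="example.com", timeout=2.0):
    """Send one query over UDP to (host, port) and classify the outcome."""
    query_id, packet = build_query(qname)
    start = time.monotonic()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.connect(address)
            sock.send(packet)
            reply = sock.recv(512)
    except OSError:                          # includes timeouts and ICMP errors
        reply = None
    return classify(query_id, reply, time.monotonic() - start)


def choose_resolver(states):
    """Pick from ordered (address, state) pairs: first healthy, else first degraded."""
    for wanted in ("healthy", "degraded"):
        for address, state in states:
            if state == wanted:
                return address
    return None


def demo():
    """Offline walk-through on constructed replies (no network traffic)."""
    query_id, _ = build_query("example.com")
    ok = struct.pack("!HHHHHH", query_id, 0x8180, 1, 1, 0, 0)
    servfail = struct.pack("!HHHHHH", query_id, 0x8182, 1, 0, 0, 0)
    states = [
        (("192.0.2.53", 53), classify(query_id, None, 2.0)),        # primary timed out
        (("198.51.100.53", 53), classify(query_id, servfail, 0.1)),
        (("203.0.113.53", 53), classify(query_id, ok, 0.04)),
    ]
    return states, choose_resolver(states)


if __name__ == "__main__":
    states, chosen = demo()
    for address, state in states:
        print(address[0], state)
    print("use:", chosen)
    # Live use: states = [(a, probe(a)) for a in resolver_list]
```
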

How dangerous are Signal vulnerabilities? | Kaspersky official blog
https://www.kaspersky.com/blog/signal-desktop-file-vulnerabilities/46978/
Wed, 25 Jan 2023 11:17:38 +0000

Cybersecurity researcher John Jackson has published a study on two vulnerabilities he’s found in the Signal messenger desktop client — CVE-2023-24069 and CVE-2023-24068. The expert is sure that malefactors can exploit these vulnerabilities for espionage. Since Signal desktop applications for all operating systems have a common code base, both vulnerabilities are present not only in the Windows client, but in the macOS and Linux clients as well. All versions up to the latest (6.2.0) are vulnerable. Let’s look at how real the threat is.

The CVE-2023-24069 and CVE-2023-24068 vulnerabilities: what gives?

The first vulnerability, CVE-2023-24069, lies in an ill-conceived mechanism that handles files sent via Signal. When you send a file to a Signal chat, the desktop client saves it in a local directory. When a file is deleted, it disappears from the directory… unless someone answers it or forwards it to another chat. Moreover, despite the fact that Signal is positioned as a secure messenger and all communications via it are encrypted, the files are stored in unprotected form.

The second vulnerability, CVE-2023-24068, was found upon closer study of the client. It turns out that the client lacks a file validation mechanism. Theoretically, this allows an attacker to replace the stored files. That is, if the forwarded file is opened on the desktop client, someone could replace it in the local folder with a forged one. Therefore, with further transfers, a user will distribute the switched file instead of the one they intended to forward.
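What the missing validation step could look like, as an added illustration (not Signal's code): the cache records a SHA-256 digest when an attachment is saved and refuses to hand the file to the forward path if the bytes on disk have changed since then. `AttachmentCache`, its methods, the file names and the in-memory digest store are hypothetical.

```python
"""Digest check before forwarding a cached attachment (added illustration)."""
import hashlib
import hmac
import tempfile
from pathlib import Path


class TamperedAttachment(Exception):
    """Raised when a cached file no longer matches the digest recorded on receipt."""


class AttachmentCache:
    def __init__(self, directory):
        self.directory = Path(directory)
        # Assumption: digests are kept apart from the attachment directory (for
        # example in the client's message database); a dict stands in for that store.
        self._digests = {}

    def save(self, name, data):
        """Write the attachment to disk and remember its digest."""
        path = self.directory / name
        path.write_bytes(data)
        self._digests[name] = hashlib.sha256(data).hexdigest()
        return path

    def read_unchecked(self, name):
        """Behaviour the article describes: whatever is on disk gets forwarded."""
        return (self.directory / name).read_bytes()

    def read_verified(self, name):
        """Return the file only if it still matches the digest taken on receipt."""
        data = (self.directory / name).read_bytes()
        actual = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(actual, self._digests[name]):
            raise TamperedAttachment(name)
        return data


def demo():
    """Run both read paths over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = AttachmentCache(tmp)
        swapped_path = cache.save("tasks.txt", b"Q3 task list\n")
        cache.save("notes.txt", b"meeting notes\n")
        # Constructed stand-in for a local replacement of the cached file.
        swapped_path.write_bytes(b"Q3 task list\n<swapped content>\n")

        unchecked = cache.read_unchecked("tasks.txt")
        try:
            cache.read_verified("tasks.txt")
            blocked = False
        except TamperedAttachment:
            blocked = True
        intact = cache.read_verified("notes.txt") == b"meeting notes\n"
        return unchecked, blocked, intact


if __name__ == "__main__":
    unchecked, blocked, intact = demo()
    print("unchecked read returned swapped bytes:", b"swapped" in unchecked)
    print("verified read blocked the swapped file:", blocked)
    print("verified read passed the untouched file:", intact)
```
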

How might these vulnerabilities be dangerous?

The potential risks posed by CVE-2023-24069 are more or less understandable. If a user of Signal’s desktop version leaves their computer unlocked and unattended, someone could gain access to files sent through Signal. The same thing may happen if full disk encryption is enabled on the computer and the owner tends to leave it somewhere unattended (in hotel rooms, for example).

The exploitation of the second vulnerability requires a more comprehensive approach. Let’s say a person frequently receives and sends files through the Signal desktop app (for example, a manager sending tasks to subordinates). Here, an attacker with access to this computer can replace one of the files, or, for the sake of stealth, modify an existing document, for example by inserting a malicious script into it. Thus, with further transfers of the same file, its owner will spread the malware to their contacts.

It’s important to emphasize that exploitation of both vulnerabilities is possible only if the attacker already has access to the victim’s computer. But this isn’t an unreal scenario — we’re not necessarily talking about physical access. It would be enough to infect the computer with malware that allows outsiders to manipulate files.

How to stay safe?

According to the CVE Program, Signal developers disagree with the importance of these vulnerabilities, stating that their product should not and cannot protect from attackers with this level of access to the victim’s system. Therefore, the best advice would be not to use the desktop version of Signal (and desktop versions of messengers in general). But if your working process requires it for some tasks, then we recommend the following:

  • teaching your employees not to leave an unlocked computer unattended;
  • always using full disk encryption on working devices;
  • employing security solutions that can detect and stop malware and attempts at unauthorized accessing of your data.
How dangerous are Threema vulnerabilities? | Kaspersky official blog
https://www.kaspersky.com/blog/7-threema-vulnerabilities/46772/
Fri, 13 Jan 2023 13:25:51 +0000

One of the most popular secure messengers, Threema, found itself at the center of a scandal this week. Researchers at ETH Zurich, a public research university in Switzerland, found seven (7!) vulnerabilities in Threema’s protocols. Meanwhile, the app’s developers downplayed the bugs, blogging that they’d “resolved all issues within a few weeks” and “none of them ever had any considerable real-world impact”. So what’s really going on, and should you switch to Signal right away?

It’s hard to get to the bottom of the Threema scandal, because both sides’ behavior, while civilized, isn’t ideal. The ETH Zurich team has clearly overstated the significance of its work, which describes not only vulnerabilities but also hypothetical exploitation scenarios, while Threema’s developers are clearly understating the seriousness of the vulnerabilities — claiming they’re near impossible to exploit.

For those interested only in practical takeaways, we suggest jumping straight to them (at the end of this post).

Threema vulnerabilities

All vulnerabilities were responsibly disclosed in October and promptly fixed. According to both sides, there was no in-the-wild exploitation of the vulnerabilities, so there appear to be no grounds to fear disclosure of information regarding them. That said, there’s still reason for concern.

Let’s focus on what can be gleaned from a careful read of the ETH Zurich report, the Threema statement, and other publicly available studies into the Threema app and its protocols.

The app uses strong cryptographic algorithms with a robust, standardized NaCl implementation. However, this is wrapped in Threema’s own information exchange protocol — whose implementation is imperfect. This raises the possibility of various theoretical attacks (such as sending a message in a group chat that looks different to different recipients), as well as some rather practical ones. For example, anyone with physical access to the target smartphone will be able to read Threema databases and backups on it relatively easily — if no passphrase has been set to protect the app. It’s also possible to clone a Threema ID, allowing an attacker to send messages in the victim’s name (but not at the same time). Of course, all scenarios involving physical access to a smartphone are mostly worst-case for any app, and they’re incredibly difficult to defend against.

Some of the proposed hypothetical attacks through the new vulnerabilities would work only if an attacker has full control over the data exchange network. But that in itself isn’t enough; other complex exploitation conditions are also required. For example, one scenario requires forcing the victim to send a message with very strange content through Threema. That’s unlikely to work in practice.

Of the flaws in the communication protocol itself, most disturbing is the lack of both forward secrecy and future secrecy. That is, having decrypted one message, you can decrypt later ones. This weakness has been known for some time, for which reason, apparently, in December, Threema announced a fundamentally new, more secure version of its protocol. This new protocol — Ibex — has yet to undergo independent security audits. We can only take the developers at their word when they say that it covers all facets of modern practical cryptography. Threema would be wise to heed the advice of ETH Zurich to externally audit the protocols in the early stages of development — not after releasing them.

To exploit some of the vulnerabilities, the Threema server would have to be compromised and someone on the operator side would have to be deliberately trying to steal exchanged data or disrupt communication. This is important for organizations that use Threema Work: if a company can’t expose its data even to a hypothetical risk, it should consider switching to Threema OnPrem, where it will have its own internal Threema server. In this case, the administrators need to explore ways to strengthen server security (known as hardening).

App developers, too, need to draw lessons from this situation. “Don’t concoct your own cryptographic algorithms!” cryptography experts scream endlessly (Telegram, for one, didn’t listen). But Threema’s developers employed time-tested cryptographic algorithms with their correct, standard implementation! A number of bugs crept in due to the use of standard cryptography in the original client-server communication protocol, which is deployed instead of standard TLS. Looks like the experts should have screamed “Don’t concoct your own cryptographic algorithms and protocols!”

Practical takeaways

If you chose Threema believing it’s the “most encrypted messenger”, don’t mind using your phone number with an instant messenger, and don’t want to get bogged down in technical details, you’re better off switching to Signal. As proven by real hacks and court orders, Signal’s cryptography and data storage principles are more robust and resistant. If you have to use Threema as your main working messenger, or you like that your Threema ID isn’t linked to your phone number, you can carry on using it, but just be aware of the risks. They may be hypothetical — but they cannot be completely discounted. Be sure to double-check and verify offline the Threema IDs of new contacts, and use passphrases for secure login.

Medium and large organizations that use Threema in their business processes should seriously consider migrating to Threema OnPrem to have full control over the messenger servers.

Will quantum computers break RSA encryption in 2023? | Kaspersky official blog
https://www.kaspersky.com/blog/quantum-computers-and-rsa-2023/46733/
Mon, 09 Jan 2023 17:21:20 +0000

In the final days of 2022, the IT community was rather stirred by a study presented by a group of Chinese scientists. It claimed that in the near future it will be possible to crack the RSA crypto algorithm with a key length of 2048 bits – which is fundamental for the operation of internet protocols – by skillfully combining classical and quantum computing. So how real is this threat? Let’s figure it out.

Quantum basics

The theoretical ability of a quantum computer to perform ultra-fast factorization of giant integers and thus match keys for a number of asymmetric crypto-algorithms – including RSA encryption – has long been known. Our blog post explains in detail what a quantum computer is, how it works, and why it’s so difficult to build. So far, all experts have agreed that a quantum computer large enough to crack RSA would probably be built no sooner than in a few dozen decades. To factorize an integer 2048 bits long, which is usually used as an RSA key, the Shor algorithm needs to be run on a quantum computer with millions of qubits (quantum bits). That is, it’s not a matter of the near future, since the best quantum computers today work at 300-400 qubits — and this is after decades of research.

But the future problem has already been actively thought about, and security experts are already calling for adoption of post-quantum cryptography; that is, algorithms that are resistant to hacking with a quantum computer. There seemed to be a decade or more for a smooth transition, so the news that RSA-2048 might fall as early as in 2023 came as a bolt from the blue.

News from China

Chinese researchers have been able to factor a 48-bit key on a 10-qubit quantum computer. And they calculated that it’s possible to scale their algorithm for use with 2048-bit keys using a quantum computer with only 372 qubits. But such a computer already exists today, at IBM for example, so the need to one day replace crypto-systems throughout the internet suddenly ceased being something so far in the future that it wasn’t really thought about seriously. A breakthrough has been promised by combining the Schnorr algorithm (not to be confused with the aforementioned Shor algorithm) with an additional quantum approximate optimization algorithm (QAOA) step.

The proposed scheme of the hybrid factorization algorithm

Schnorr’s algorithm is used for supposedly more efficient factorization of integers using classical computation. The Chinese group proposes to apply quantum optimization at the most computationally intensive stage of its work.

Open questions

Schnorr’s algorithm was met by the mathematical community with certain skepticism. The author’s claim that “this will destroy the RSA cryptosystem” in the description of the study was subjected to scrutiny and didn’t stand up. For example, famous cryptographer Bruce Schneier said that it “works well with smaller moduli — around the same order as ones the Chinese group has tested — but falls apart at larger sizes.” And no one has succeeded in proving that this algorithm is scalable in practice.

Applying quantum optimization to the “heaviest” part of the algorithm seems like a good idea, but quantum computing experts doubt that QAOA optimization will be effective in solving this computational problem. It’s possible to use a quantum computer here, but it is unlikely to lead to time savings. The authors of the work themselves carefully mention this dubious point at the very end of their report, in the conclusion:

It should be pointed out that the quantum speedup of the algorithm is unclear due to the ambiguous convergence of QAOA.

Besides, the quantum speedup is unknown, it is still a long way to break RSA quantumly.

Thus, it looks like even if you implement this hybrid algorithm on a classical + quantum system, it will take as long to guess RSA keys as with a regular computer.

The icing on the cake is that in addition to the number of qubits there are other important parameters of a quantum computer, like levels of interference and errors, and the number of gates. Judging by the combination of required parameters, even the most promising computers of 2023-2024 are probably not suitable for running the Chinese algorithm on the needed scale.

Practical takeaways

While the crypto revolution is once again being delayed, the buzz around this study highlights two security-related challenges. First, when choosing a quantum-resistant algorithm among numerous proposals for a “post-quantum standard”, new algebraic approaches – such as the aforementioned Schnorr’s algorithm – should be studied scrupulously. Second, we definitely need to raise the priority of projects for the transition to post-quantum cryptography. It will seem like a non-urgent matter only until it’s too late…

7 tips for storing confidential data | Kaspersky official blog
https://www.kaspersky.com/blog/7-tips-on-storing-sensitive-data/41177/
Thu, 12 Aug 2021 12:21:39 +0000

There’s no such thing as a business that doesn’t have sensitive data. Even a small retail company has documents with employees’ personal details that legally must remain confidential, for example. Bank documents would be hard to restore. Supplier and contractor contracts could include trade secrets.

To protect important data from loss or inappropriate disclosure, follow these seven tips.

1. Enable full disk encryption on all devices

On devices where confidential data is stored or transmitted (i.e., most of them), be sure to enable full disk encryption (FDE). Encryption protects the data in case the device falls into the wrong hands. In Windows, the FDE tool is called BitLocker. The macOS equivalent is FileVault. FDE is enabled by default on most iOS and Android phones; don’t disable it unless absolutely necessary.

2. Restrict confidential data to the office

Another way important data can fall into the wrong hands is through the loss (or theft) of physical media: external hard disks or flash drives. Ideally, they should never leave the office. In fact, if you must write to an external medium, you should encrypt the data beforehand. For example, many security solutions for small businesses support encrypted storage in the form of cryptocontainers.

3. Don’t transfer unencrypted data over the Internet

Sometimes you might need to send confidential data online, by e-mail or a file-sharing service. We strongly recommend avoiding it whenever possible, but if you absolutely have to send information, at least encrypt it first, in case of interception. The easiest way is to create a password-protected archive. Almost all archive utilities have this option. After you encrypt the information, send the password to the recipient through a different channel — for example, attach the information to an e-mail, but send the password through a messaging app that supports end-to-end encryption.

4. Delete sensitive data you no longer need

Even information that’s fallen out of use can still cause problems, so get rid of it. For less-sensitive information, at the very least, delete it and then empty your Recycle Bin so the data can’t be restored with a simple click. For anything even vaguely sensitive, use a file-shredder utility to prevent recovery.

5. Encrypt backups

Backups are crucial, but they can also be a source of leaks. That’s why, before creating backups of confidential data, you should place them in a cryptocontainer.

6. Store more than one copy

Store your data in several places isolated from each other. For example, you might keep one copy of a file on your computer and another on an external drive or in reliable cloud storage. Again, don’t forget to encrypt the files beforehand (or follow all other advice here).

7. Secure archive and cryptocontainer passwords

Losing the password for an archive containing important business data means losing that data. Store passwords in a purpose-built application such as our application for creating and securely storing complex passwords. In addition to its password management utility, our security solution for SMBs also features tools for creating cryptocontainers and automating data backup processes. Naturally, it also protects computers and smartphones from malware, whose tasks can include rooting out company secrets.

Telegram’s security, privacy, encryption settings | Kaspersky official blog
https://www.kaspersky.com/blog/telegram-privacy-security/38444/
Fri, 15 Jan 2021 19:26:36 +0000

Facebook’s WhatsApp recently updated its privacy policy, causing many disgruntled users to switch to rival messengers, among them Telegram. Thanks largely to this exodus, Telegram added 25 million new users in just a few days, pushing its user base over the 500 million mark.

That makes this the perfect time to talk about Telegram’s security and privacy.

End-to-end encryption is not the default option in Telegram

The first thing to know about Telegram is that Cloud chats, as Telegram calls its standard chats, are not end-to-end encrypted. (Here’s why end-to-end encryption is important for privacy.)

In a nutshell, the absence of end-to-end encryption means Telegram has access not only to metadata (who you wrote to, when, how often, and so forth), as WhatsApp does, but also to the contents of standard chats with no end-to-end encryption. According to Telegram’s privacy policy at the time of this writing, the data is not used for advertising purposes. However, as we know from experience, policies can change.

How to enable end-to-end encryption for secret chats in Telegram

Telegram does have end-to-end encryption — you just need to enable it. Telegram calls chats with end-to-end encryption enabled Secret chats.

In secret chats, text messages, pictures, videos, and all other files are sent using end-to-end encryption. That means only you and the recipient have the decryption key, so Telegram cannot access the data.

Moreover, the contents of secret chats are not stored on Telegram’s servers. Because secret chats are saved only on the devices of chat participants, they cannot be accessed from another device — and they disappear when you log out of Telegram or delete the app.

Secret chats are available in Telegram’s iOS, Android, and macOS apps. The Web version and Windows app do not support secret chats; they cannot ensure secure storage of chats on the device.

How to create a secret chat in Telegram

Current versions of the Telegram apps do not make the secret chat feature easy to find.

To create a secret chat, you need to open the profile of your chat partner, tap or click the three-dot button (sometimes called More, sometimes not), and select Start Secret Chat.

How to enable end-to-end encryption in Telegram: Starting a secret chat

That opens a chat in which end-to-end encryption is applied to messages (a notification to that effect appears in the chat window at the start). You can also set the time after which messages will be deleted by tapping or clicking the clock icon in the message input box.

Set up a timer in Telegram’s secret chats to delete messages automatically

Of course, the automatic deletion of messages doesn’t prevent your chat partner from taking screenshots, but if they do, you will be notified about it in the chat. The one exception is if the other person is using the macOS app; in that case you won’t get a notification.

Here’s another handy tip: Telegram allows multiple secret chats with the same person. Group chats cannot be secret, however, unlike in WhatsApp, which applies end-to-end encryption to all chats by default.

How to know if a chat is end-to-end encrypted: The padlock icon

Because Telegram chats can be either cloud or secret, in some cases it is important to know which type you are using. If a chat contains sensitive information, it should be secret, right?

Yes, of course. But end-to-end encrypted chats look almost identical to regular ones. To confirm which kind you’re in, look for a padlock icon next to the name or phone number of your chat partner. If it’s there, the chat is secret. If not, then end-to-end encryption is off, in which case you should create a new chat.

How to check if a chat in Telegram is end-to-end encrypted: Look for a padlock icon

You can also tap or click your chat partner’s icon, and if end-to-end encryption is enabled, the words Encryption Key will appear at the bottom of the window that opens.

How to configure Telegram security and privacy

While we’re at it, let’s take a moment to configure security and privacy in the app. Click the Settings button in the lower right corner of the screen and select Privacy and Security.

Telegram security settings

The first step is to make sure no one can read your chats if you accidentally leave your device unlocked and unattended. To do so, select Passcode, tap or click Turn Passcode On, think up a PIN code you won’t forget, set it, and confirm.

Next, select Auto-Lock and set a low value — 1 or 5 minutes. If your device supports fingerprint or face recognition, you can enable the option here.

How to set up security in Telegram

The next step is to set up two-factor authentication to protect your account against hijacking. The primary login method uses a one-time code sent by text, so Telegram lets you set a password as the second factor.

To do so, on the Privacy and Security tab, select Two-Step Verification (Telegram’s term for 2FA), and set a strong combination. Remember that you will rarely enter this password, so it is very easy to forget; store it somewhere safe, such as in a password manager.

What will happen if you forget that additional password? You’ll have to reset your account. In essence, that means submitting a request to remove your account completely, after which you will have to wait seven days. After a week, the account will be deleted (including associated contacts, cloud chats, and channel subscriptions) and you can create a new, completely empty account using the same phone number.

Telegram privacy settings

So as not to share unnecessary details with all 500 million–plus Telegram users, configure your profile privacy appropriately. To do so, go through Telegram’s Privacy settings, changing the set values — all options and data are available to everyone by default. We recommend the following:

  • Phone Number → Who can see my phone number: Nobody.
  • Phone Number → Who can find me by my number: My Contacts.
  • Last Seen & Online → Who can see my timestamp: Nobody.
  • Profile photo → Who can see my profile photo: My Contacts.
  • Calls → Who can call me: My Contacts (or Nobody, if you prefer).
  • Calls → Peer-to-peer: My Contacts (or Nobody, if you prefer not to share your IP address with chat partners).
  • Forwarded Messages → Who can add a link to my account when forwarding my messages: My Contacts.
  • Groups & Channels → Who can add me: My Contacts.

How to set up Telegram privacy

This is also a great time to take a look at Privacy & Security → Data Settings and remove from Telegram storage any information you do not want to be there.

Telegram security for the extremely cautious

The above tips should be enough for most users, but here are a few more for the extra cautious:

  • Use a separate phone number to sign in to Telegram — or even a virtual phone number instead of a real mobile number. However, make sure not to use a one-time number or else someone else could access your account.
  • Use a VPN to hide your IP address (which Telegram can disclose at the request of law enforcement agencies, for example).
  • Consider using another app — one better suited to secure and private communication, such as Signal or Threema. Unlike Telegram, they encrypt all chats by default and have a bunch of extra privacy options. On the other hand, they are less popular and lack some of the features that attract users to Telegram.

Keep in mind that even the most secure messenger is defenseless if someone gains access to your device, either physically or remotely. With that in mind, we recommend always being sure to lock all of your devices with a password or a PIN code, regularly updating all apps and operating systems installed on them, and using a reliable antivirus solution to protect against malware.

What is end-to-end encryption and what are its pros and cons | Kaspersky official blog
https://www.kaspersky.com/blog/what-is-end-to-end-encryption/37011/
Fri, 11 Sep 2020 15:36:57 +0000
https://www.kaspersky.com/blog/?p=37011

In recent years, communications services ranging from WhatsApp to Zoom have announced their implementation of end-to-end encryption. What does that mean? Well, the idea of encryption is pretty straightforward: It turns data into something that cannot be read. But what does end-to-end mean? What are its pros and cons? Without getting into the underlying math and technical terms, we’ll explain it as simply as we can.

What end-to-end encryption is — and its alternatives

End-to-end encryption is the act of applying encryption to messages on one device such that only the device to which they are sent can decrypt them. The message travels all the way from the sender to the recipient in encrypted form.

What are the alternatives? One alternative is to transfer the data in clear text, that is, without encrypting the message at all. That is the least secure option. For example, data sent by SMS is not encrypted, meaning that in theory anyone can intercept it. Fortunately, in practice, doing so requires special equipment, which somewhat limits who can eavesdrop on your text messages.

Another option is encryption-in-transit, whereby messages are encrypted on the sender’s end, delivered to the server, decrypted there, re-encrypted, and then delivered to the recipient and decrypted on their end. Encryption-in-transit protects information during transmission, but using it allows the intermediate link in the chain — the server — to see the content. Depending on how trustworthy its owners are, that can be an issue.

At the same time, using encryption-in-transit includes the server in the communication, which opens up a range of services that go beyond simple data transfer. For example, a server can store message history, connect additional participants using alternative channels to a conversation (such as joining a video conference by phone), use automatic moderation, and more.

Encryption-in-transit does solve the most important problem: the interception of data en route from user to server and from server to user, which is the most dangerous part of a message’s journey. That’s why not all services rush toward end-to-end encryption: For users, gaining convenience and additional services may be more important than adding even more data security.

What end-to-end encryption protects against

The main advantage of end-to-end encryption is that it keeps transmitted data from anyone but the recipient. It is as if when you mailed a letter you put it in a box that was physically impossible to open — immune to any sledgehammer, saw, lockpick, and so forth — except by the addressee. End-to-end encryption ensures the privacy of your communication.

Creating an invincible box isn’t really possible in the physical world, but in the world of information it is. Expert mathematicians are constantly developing new encryption systems and improving the strength of old ones.

Another advantage follows from end-to-end encrypted messages being undecryptable by anyone other than the recipient: No one can change the message. Modern encryption methods work in such a way that if someone changes the encrypted data, the message becomes garbled on decryption, making the problem instantly clear. There is no way to make predictable changes to an encrypted message — that is, it’s impossible to replace the text.

That ensures the integrity of your communication. If you receive a successfully decrypted message, you can be sure it’s the same message that was sent to you and that it wasn’t somehow tampered with in transit (in fact, a messaging app will do that for you automatically).
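An added example (not from the original article) of the integrity check described above: messengers get it from authenticated encryption, sketched here as encrypt-then-MAC using only Python's standard library. The SHA-256 counter-mode keystream, the function names and the sample message are constructed for illustration; real apps use vetted ciphers such as AES-GCM or ChaCha20-Poly1305.

```python
import hashlib, hmac, secrets

def keystream(key, nonce, length):
    # Constructed stand-in for a real stream cipher: SHA-256 in counter mode.
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return out[:length]

def xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(enc_key, mac_key, plaintext):
    """Encrypt, then authenticate nonce + ciphertext with HMAC-SHA256."""
    nonce = secrets.token_bytes(16)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(enc_key, mac_key, blob):
    """Verify the tag first; decrypt only if the message is untouched."""
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("message was modified in transit")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def decrypt_unchecked(enc_key, blob):
    """What a receiver would see if it skipped the tag check."""
    nonce, ct = blob[:16], blob[16:-32]
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def flip_bit(blob, index, mask=0x01):
    changed = bytearray(blob)
    changed[index] ^= mask
    return bytes(changed)

def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    blob = seal(enc_key, mac_key, b"Meet at 10:00")  # constructed sample
    tampered = flip_bit(blob, 16 + 8)  # one ciphertext bit changed in transit
    try:
        open_sealed(enc_key, mac_key, tampered)
        verdict = "accepted"
    except ValueError:
        verdict = "rejected"
    return open_sealed(enc_key, mac_key, blob), decrypt_unchecked(enc_key, tampered), verdict

if __name__ == "__main__":
    print(demo())
```

Without the tag check, the altered message would decrypt to a readable but different text, so the receiver verifies the tag before decrypting anything.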

What end-to-end encryption doesn’t protect against

After learning about the benefits of end-to-end encryption, readers might get the impression that it’s the solution to every information-transfer problem. It isn’t, though; end-to-end encryption has limitations.

First, although the use of end-to-end encryption lets you hide the content of your message, the fact that you sent a message to a certain person (or received one from them) will be apparent. The server can’t read the messages, but it is definitely aware that you exchanged messages on a certain day and at a certain time. In some cases, merely communicating with particular people may draw unwanted attention.

Second, if someone gains access to the device you use to communicate, they will be able to read all of your messages, as well as write and send messages on your behalf. Therefore, protecting end-to-end encryption requires the protection of devices and application access — even if only with a PIN code — so that if the device is lost or stolen, your correspondence, along with the ability to impersonate you, does not fall into the wrong hands.

For that reason, devices need to be protected with antivirus software. Malware on a smartphone can read the correspondence on it just as if a living person had physical possession of your phone. That is true regardless of what kind of encryption you use to send and receive messages.

Third and finally, even if you take perfect care of protecting all your devices, and you know for sure no one has access to the messages on them, you can’t be certain about your conversation partner’s device. End-to-end encryption is no help there.

Despite its limitations, end-to-end encryption is currently the most secure way to transfer confidential data, and that’s why more and more communication services are switching to it. That’s a good thing.

Kaspersky podcast, episode 153 | Kaspersky official blog
https://www.kaspersky.com/blog/transatlantic-cable-podcast-153/36581/
Wed, 29 Jul 2020 11:06:18 +0000
https://www.kaspersky.com/blog/?p=36581

To start episode 153 of the Kaspersky Transatlantic Cable podcast, Dave and Jeff look back on four years of the No More Ransom initiative, of which Kaspersky is one of the four founding members. In its first four years, the project has helped millions of people get their files back without paying ransomware fees.

From there, they look at how the recent Garmin ransomware incident has affected flying thanks to flyGarmin being knocked offline during the attack.

They also look at how the US government is trying (once again) to add backdoors that will allow law enforcement agencies to sneak into encrypted messages and traffic.

To wrap up, they look at recent news around the Twitter breach showing that about 1,000 people had access to “high-profile” accounts.

Do quantum computers threaten data encryption? | Kaspersky official blog
https://www.kaspersky.com/blog/quantum-computing-vs-data-encryption/36301/
Fri, 10 Jul 2020 17:28:22 +0000
https://www.kaspersky.com/blog/?p=36301

Quantum computers are capable of very quickly solving very complex problems, such that even a supercomputer would be stumped for a long time. True, most of these problems are currently somewhat removed from real life, and quantum systems themselves are largely limited. But progress does not stand still, and this technology could one day take over the world. Here’s how that affects you and your data.

Data encryption at the heart of Internet security

At the heart of protecting data on computers and online lies encryption. Encrypting means using certain rules and a character set known as a key to transform the information one wants to send into a seemingly meaningless jumble. To understand what the sender wanted to say, the jumble has to be deciphered, also with a key.

One of the simplest examples of encryption is a substitution cipher whereby each letter is replaced with a number (say, 1 for A, 2 for B, and so on). In this example, the word “baobab” would become “2 1 15 2 1 2,” and the key would be the alphabet with each letter represented by a number. In practice, more complex rules are used, but the general idea remains more or less the same.

If, as in our example, all parties share one key, the cipher is said to be symmetric. Before communication can commence, everyone must receive the key to be able to encrypt their own and decrypt others’ messages. What’s more, the key has to be transmitted in unencrypted form (the receiving parties have nothing yet to decrypt it with). And if that happens over the Internet, cybercriminals might be able to intercept it and then read the supposedly secret messages. Not good.

To get around that problem, some encryption algorithms use two keys: one private to decrypt and one public to encrypt messages. The recipient creates both. The private key is never shared with anyone, so it can’t be intercepted.

The second, public key is designed such that anyone can use it to encrypt information, but after that, decrypting the data requires the corresponding private key. For this reason, there is nothing to fear from sending the public key in unencrypted form or even sharing it for anyone on the Internet to see. This type of encryption is called asymmetric.

In modern encryption systems, the keys are usually very large numbers, and the algorithms themselves are built around complex mathematical operations involving these numbers. Moreover, the operations are such that reversing them is next to impossible. Therefore, knowing the public key is of no use in cracking the cipher.

Quantum cracking

There is a catch, however. Strictly speaking, cryptographic algorithms are designed so as to make cracking the cipher impossible in a reasonable amount of time. That’s where quantum computers come in. They can crunch numbers far faster than traditional computers can.

Thus, the unreasonable amount of time a traditional computer would need to crack the cipher can become perfectly reasonable on a quantum computer. And if a cipher is vulnerable to quantum cracking, that negates the whole point of using the cipher.

Quantum computers: what does it mean for you today?

Protection against quantum cracking

If the thought of wealthy criminals armed with a quantum computer someday decrypting and stealing your data sends shivers down your spine, don’t worry: Infosec experts are already on the case. As of today, several basic mechanisms exist to protect user information from intruders.

  • Traditional encryption algorithms resistant to quantum attacks. It may be hard to believe, but we’re already using encryption methods that can stand up to quantum computers. For example, the widespread AES algorithm, used in instant messengers such as WhatsApp and Signal, is too tough a nut — quantum computers accelerate the cracking process, but not by much. Nor do they pose a mortal threat to many other symmetric ciphers (that is, with only one key), although the abovementioned key distribution problem is still in effect here.
  • Algorithms developed to protect against quantum attacks. Mathematicians are already devising new encryption algorithms that even mighty quantum technologies cannot crack. By the time cybercriminals arm themselves with quantum computers, data protection tools are likely to be able to fight back.
  • Encryption with several methods at once. A decent solution that’s available right now is to encrypt data several times using different algorithms. Even if attackers crack one, they’re unlikely to break through the rest.
  • Quantum technologies used against themselves. Using symmetric ciphers — which, as you’ll recall, are less vulnerable to quantum cracking — can be made more secure with quantum key distribution systems. Such systems don’t guarantee protection against hackers, but they will let you know if information was intercepted, so if the encryption key is stolen in transit, it can be scrapped and another one sent. True, that requires special equipment, but such equipment is already available and in operation in some government organizations and private companies.

Not the end of security

Although quantum computers seem able to crack ciphers that are off limits to traditional computers, they are not omnipotent. Also, security technologies are developing ahead of the curve, and they will not give ground to attackers in the arms race.

Encryption as a concept is unlikely to collapse in a heap; rather, some algorithms will gradually replace others, which is no bad thing. In fact, it’s already happening now, because, as we said, progress does not stand still.

As such, it’s worth checking every so often which encryption algorithm a particular service uses, and whether that algorithm is obsolete (that is, vulnerable to cracking). As for especially valuable data destined for long-term storage, it would be wise to start encrypting it now as if the era of quantum computers had already dawned.
