The concern for security has been creeping under our noses for some time now. As people get more comfortable with using technology, the threat of our sensitive information being compromised gets bigger. In fact, people are already sharing personal information such as interests, phone numbers, location, and employment indifferently in social networks like Facebook, Google+, and Twitter.
But having your information leaked from social networks is just one of the many issues of online security. Did you know that someone who shares the same Wi-Fi network can easily track your online activities, accessing information such as passwords, credit card information, personal data, and your browsing behaviour?
Who’s After Your Data?
Apart from hackers, the government is also trying to peek at your personal information. With the Cybersecurity Information Sharing Act of 2015 or “CISA”, government agencies such as the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) are being authorised to spy on ordinary citizens using the internet.
With all these entities threatening online privacy, concerned netizens and businesses turn to secure practices to protect sensitive information. No, this doesn’t include “going incognito” or using private browsing sessions. In addition to using Virtual Private Networks to encrypt connections, people are also using secure messaging apps to protect chat conversations.
Today, there are plenty of secure messaging apps available in the mobile space. But only a handful of them prove to be trustworthy. SkyECC, also known as “Sky App”, is not one of them. It is a Blackberry app that uses Elliptic Curve Cryptography (ECC) to encrypt its messages.
For the non-tech-savvy, ECC is an encryption technology developed for consumer-level security. It is commonly used by messaging apps for mobile devices. Unfortunately, companies offering apps that use ECC have a nasty habit of discrediting the efficacy of PGP for securing communications. PGP, or Pretty Good Privacy, is a time-tested encryption program. While ECC vendors see PGP as aged tech, PGP has remained secure for 25 years and counting.
In simple terms, PGP works by assigning a pair of keys for each user. One key acts as the public “receiver’s” key, and the other acts as a private key for sending and decrypting received messages.
Additionally, PGP also issues a “session key” to secure the message to be encrypted to the receiver’s public key. It is a one-time key that’s randomly generated specifically for a single message transmission.
In PGP, the private key is bound within a single client, while ECC apps like SkyECC hinge around a public key system. But the main red flag as to why SkyECC isn’t trustworthy is not its competency with ECC encryption. Rather, it’s their promise to deliver a basic necessity when it comes to secure messaging.
SnapChat is an app that allows users to send videos and images to their peers. Although it’s not really a secure messaging app, there are certain things SnapChat can do much better than SkyECC.
It is a core feature that may act as a failsafe method for securing online messages. Unlike SkyECC, SnapChat actually does a great job of destroying sent messages when they’re supposed to.
Self-destructing messages is a critical security feature that ensures no trace of information remains after the message expires. Most chat apps in the market already offer message self-destruct as a last-resort feature. This includes SkyECC, but there is one major flaw with their implementation: the user does NOT have control over when the message will be destroyed as they claimed.
SkyECC Self-Destruct Feature Malfunction
In a video done by IT Security Squad, the message self-destruct feature of SkyECC was put to the test. A primary concern is that the receiving end can manipulate the self-destruct configuration of the sender. This is done simply by adjusting their own self-destruct options, which will surprisingly override the sender’s.
For example, you could send a message with a 3-hour self-destruct time. But if the receiver adjusts their self-destruct time to 6 hours, your original setting will be overridden. Furthermore, the receiver will also override the settings on your device, meaning any message you send will now comply with the new 6-hour limit. This happens even after you modify the self-destruct settings again on your device.
Simply put, the user has no control over the self-destruct time in the SkyECC app. Instead, it is accessible only to the server and, oddly enough, the recipient of your messages.
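A minimal model of the override described above, as an added example (not SkyECC's code and not taken from the IT Security Squad video): the first expiry function lets the receiver's setting replace the sender's, and the second binds the sender's timer to the message so it can only be shortened. The function names, the envelope layout and the shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import json

HOUR = 3600
KEY = b"constructed-demo-key"  # constructed; stands in for the pair's message key


def seal(body, sent_at, ttl, key=KEY):
    """Sender side: bind the sender's own TTL to the message with a MAC."""
    header = json.dumps(
        {"body": body, "sent_at": sent_at, "ttl": ttl}, sort_keys=True
    ).encode()
    tag = hmac.new(key, header, hashlib.sha256).hexdigest()
    return {"header": header, "tag": tag}


def expiry_flawed(envelope, receiver_ttl):
    """Behaviour reported in the article: the receiver's setting replaces
    the sender's, so a 3-hour message can live for 6 hours."""
    msg = json.loads(envelope["header"])
    return msg["sent_at"] + receiver_ttl


def expiry_sender_bound(envelope, receiver_ttl, key=KEY):
    """Corrected policy: the sender's TTL is an upper bound.

    The MAC check rejects a header whose TTL was rewritten in transit
    (for example by a relay server). The min() rule is what stops the
    recipient's own setting from extending the sender's timer.
    """
    expected = hmac.new(key, envelope["header"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("message header was modified after sending")
    msg = json.loads(envelope["header"])
    return msg["sent_at"] + min(msg["ttl"], receiver_ttl)


if __name__ == "__main__":
    # Constructed scenario from the article: sender sets 3 h, receiver sets 6 h.
    env = seal("meet at noon", sent_at=0, ttl=3 * HOUR)
    print("flawed expiry (s):      ", expiry_flawed(env, 6 * HOUR))
    print("sender-bound expiry (s):", expiry_sender_bound(env, 6 * HOUR))
```

Neither policy can stop a recipient who copies the content before it expires; the second one only guarantees that an honest client deletes no later than the sender asked.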
“It is unethical for a mobile privacy company to try to benefit with false claims and features”, says Richard Jensen of IT Security Squad.
In the end, SnapChat is not really a competitor to SkyECC if you want secure messaging. But in a way, it is definitely safer and more reliable. It does exactly what it says, particularly when it comes to destroying information after a set time. Think about this: if the receiver’s phone gets stolen, a SnapChat message will surely vanish, but a SkyECC message may not.