Messengers are probably one of the few applications created in recent decades that significantly influence the psychology and behavior of users. Basically, messengers have completely rewritten the rules of communication and changed our emotions during conversations. But if earlier developers paid more attention to various “chips”, special features, an interesting and convenient interface in pursuit of the consumer, now safety comes first.
Ukrainian experts have identified the top safe messengers for personal and professional communication. This became especially relevant in the context of Russia’s war against Ukraine.
Signal
According to Orkhan Gasimov, Technology Director, GlobalLogic, the most secure free messenger is Signal. The application was developed by American cyber security researcher Moxie Marlinspike. Messenger uses end-to-end encryption technology – that is, messages are available only to the sender and receiver, they cannot be read, even if intercepted.
Signal is an instant messaging app that first became popular when Elon Musk recommended it back in January 2021 in a simple tweet.
The messenger app, available for both Android and desktop, is powered by the open-source Signal protocol. Launched in 2013, Signal is now run by the non-profit Signal Foundation, which received a $50 million donation from Brian Acton. Ironically, he is the founder of WhatsApp. Acton is currently the Interim CEO of Signal Messenger LLC.
All conversations sent and received through the Signal service are secure. Neither the company nor anyone else in the path between the sender and the recipient can read messages, view photos or listen to calls. The message is decrypted only after it reaches the intended recipient’s device.
Signal only collects the phone number required for registration. At the same time, your name and photo, if you choose to upload them, will not be available to company representatives. This ensures the highest possible level of privacy.
Has Signal been hacked?
The expert team of the State Special Communications Service received more frequent calls from the military with questions: “We heard that Signal was hacked. What should we do?”. Is it really so?
As the specialists of the State Special Communications assured, as of the summer of 2023 – no. There was an incident in the summer of 2022, which was reported by the company itself. In a statement, Signal said that 1,900 accounts were hacked, which is very few. The accounts of employees of Twilio, which provides SMS verification services for Signal, were subjected to a phishing attack, during which hackers managed to gain access to confidential information.
Hacking Signal is possible, but there are a number of difficult prerequisites for this:
- Knowing your phone number, Russian attackers can intercept an SMS with an access code to the application on the phone with Russian EW devices and base stations of mobile communications (which are possible even on drones). Such a risk is quite high in border areas and war zones.
- The most popular way is hacking through the computer version of Signal – by sending a Word/Excel document or other files in the archive through Signal, which will be executed, and attackers will be able to secretly monitor the screen, take screenshots and intercept keystrokes on the keyboard. Also, Russian hackers can hijack the session of the desktop version of Signal and secretly monitor messages in the account and groups; and even exploiting trust between subscribers by sending messages to legitimate subscribers (again, to further promote and take over other computers and accounts).
Currently, there are active attempts to penetrate by means of social engineering, especially in the Signal-version for the computer.
- It is very important not to accept or trust unknown contacts, they should be blocked immediately. During targeted attacks against specific managers and officers, criminals carry out detailed information gathering and have enough contacts of acquaintances and friends, pretending to be them, asking them to perform certain actions.
Calling back even over an unsecured connection, but for subscriber validation, is better than accepting and trusting messages similar to the description in the screenshot above.
Do not trust files in archives. Be sure to use an antivirus on your computer.
Threema
Experts also add the paid application Threema to the list of safe messengers. It can be used completely anonymously, without adding a phone number or other data. The messenger encrypts all messages, does not store information on the server and does not collect personal data of users.
It is possible to generate an individual identifier, the maximum level of verification is achieved by adding contacts using a QR code.
Threema was developed in Switzerland and launched in 2012.
In January 2022, it became known that the Swiss military was banned from using Telegram, WhatsApp and Signal. Confederate armed forces can download the Threema app. The main reason for the restriction was data security.
According to the Swiss Info article, Threema’s servers are located in Switzerland and are not subject to laws in other countries, in particular in the United States, where the so-called CLOUD Act (or “cloud law”) obliges American technology firms to provide data upon legal request.
And what about other popular messengers?
At the same time, Whatsapp and Facebook Messenger are called the least protected – messengers can decipher and read copies of user messages on the server and transfer data or correspondence to third parties, special services or 
law enforcement agencies. The most popular messengers among Ukrainians – Telegram and Viber – are also less secure. So, for example, end-to-end encryption technology in Telegram is only available for secret chats. Although Viber encrypts messages, the application stores the keys for decryption and the history of correspondence on the server. This means that messages can be deciphered by third parties at any time.
In addition, Telegram and Viber collect personal data of users, such as phone numbers and IP addresses, and may transfer them to third parties upon request.
In order to safely transfer files in messengers and exchange information, experts advise paying attention to end-to-end encryption – for example, creating a secret chat in Telegram, or choosing a more secure messenger. At the same time, users are not advised to save the message history on the device where the messenger is installed.
Safety of servicemen communication
In many countries of the world, some officials and the military are prohibited from using certain messengers because of the openness of the data that such messengers collect on their servers.
So, for example, in the USA, American sailors and employees of the State Department are prohibited from using the TikTok social network. Its servers are located in China, so the government of that country can collect information about the movements of the American fleet or the travels of diplomats.
In early 2022, Switzerland banned the use of WhatsApp, Telegram, Signal and other foreign mobile messengers by its military. Instead, they were told to switch to the Swiss app Threema.
The fact is that at the end of 2021, specialists of the Property of the People organization learned how American law enforcement officers work with mobile messengers. When this document was studied in detail, it was found that 
WhatsApp transmits information about the sender and recipient of each message every 15 minutes (virtually in real time) in response to an observer’s request. iMessage also transmits similar data. Although Signal can only provide the date and time of user registration and the date of last login to the app. Telegram, on the other hand, may reveal the user’s phone number and IP address in the case of requests related to the fight against terrorism. The Viber application also transmits account information.
The Indian Army developed the SAI messenger – its servers are hosted in India, and the code can be modified by local developers to suit their needs.
In France, the open Matrix protocol is used for secret communications, which can be run on your own server. As of the beginning of 2021, Matrix had 28 million users.
About the security of Ukraine and CONVERSATION
For Ukraine, the issue of Internet security of military personnel is now more than relevant. It is worth recalling at least the pre-war attacks on Ukrainian state websites, which at first looked like a defacement, and then turned out to be a much more serious threat.
At the beginning of 2022, it became known that Ukraine also followed the path of creating its own messenger. Specialists of the State Intelligence Service are developing a special secure messenger “Chat” for the Ukrainian military.
Before the start of the full-scale invasion, the “Chat” messenger for the exchange of information between the domestic military was at the stage of active testing. A special task force installed “The Conversation” on their smartphones and studied it. Also, it was planned to deploy a corresponding server platform. The uniqueness of the program is that all its technological components are under the control of the State Special Communications. That is, the information does not travel on other servers in the world. It is, in fact, a corporate messenger in which the main focus is on reliability.
The service mentioned the following advantages of the “Chat” messenger over popular applications:
– all data will be stored on our own server in Ukraine;
– correspondence will be protected by end-to-end encryption using cryptographic protocols and certified session keys;
– only those who have personal accounts created by the administrator will be able to use the messenger;
– to work with the messenger, you will need to authenticate the user using a login and password;
– the possibility for employees to call landline work phones of the interdepartmental telephone communication system.
In addition, the developers of “Chats” stated that their application will have almost all the functions that others have:
– the ability to send text and graphic messages,
– creation of audio and video communication sessions
– push notifications.
In the future, the functionality was planned to be expanded. But to date, there is no information about the fate of testing and implementation of the application.
According to Yury Shchygol, head of the State Intelligence Service, today the military is recommended to abandon WhatsApp or Telegram and use the paid Swiss messenger Threema. It costs $5.
And, finally, tips on how to safely use messengers
1) Specify a nickname instead of a phone number, if this option is available in the messenger.
2) Register an account with a number from another country with a high level of protection and development of democracy. For example, to Germany.
3) Trust the giants less, because they collect personal data.
4) Apple iOS has better security than Android. If you have Android, use only Google from the search engines.
5) Do not leave the device switched on unattended. Set a strong password.
6) Send confidential information only to people you know.
cyber security / intellectual property / messengers / Signal
