Nine months after Edward Snowden revealed extreme Internet surveillance by US and British intelligence agencies, some major technology companies have yet to take rudimentary steps to shield their users' instant messages from eavesdropping.
A CNET analysis shows that Yahoo and ICQ transmit the content of supposedly private instant messages in unencrypted form, exposing them to both government spies and malicious snoops on the same Wi-Fi network. AOL's AIM service encrypts content -- but leaks metadata about who's talking to whom.
These privacy problems were highlighted by a Guardian article Thursday, which revealed that spy agencies were eavesdropping on Yahoo's unencrypted video chats. A surveillance system code-named Optic Nerve "intercepted and stored the webcam images of millions of Internet users not suspected of wrongdoing," the paper said, citing documents provided by Snowden.
That was possible because Yahoo has lagged far behind rivals Google and Microsoft in adopting a standard technique known as SSL that scrambles information before it's transmitted. SSL and similar technologies, if implemented properly, are designed to be proof against even the NSA's aggressive attempts to vacuum up petabytes of Internet traffic.
"We have ample evidence now that Yahoo doesn't really care about security or the confidentiality of its customers' communications," said Chris Soghoian, principal technologist at the ACLU's Speech, Privacy and Technology Project. "Whether it's the lack of encryption in Webmail, or the video issue, Yahoo has ignored repeated warnings from researchers, from human rights activists."
Yahoo users' vulnerability to snoops has been public knowledge for at least a decade. A 2004 article (PDF) in Hakin9 magazine described how to intercept Yahoo messages using the tcpdump utility. "There is no encryption, not even scrambling of the packets content," Hakin9 concluded.
Four years later, CNET contacted Yahoo as part of a privacy survey we conducted of companies providing instant messaging services. Yahoo told us that it uses SSL only to scramble the user's password during the initial authentication, and acknowledged that "Yahoo Messenger does not use encryption for message delivery."
It took Snowden's revelations to spur the company's chief executive, Marissa Mayer, into sealing this gaping security hole. In a blog post last November, nearly half a year after the spy agency files began to leak, Mayer said that Yahoo will "offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014." She stopped short of pledging that encryption would be turned on by default, however, a practice that Google's chat system and Skype have followed for over half a decade.
Yahoo has been equally sluggish in adopting encryption for Web e-mail: It finally activated HTTPS encryption for Yahoo Mail by default last month. By contrast, Google enabled HTTPS by default for Gmail in 2010, followed soon after by Hotmail. Facebook enabled encryption by default in 2012.
A Yahoo spokesman yesterday provided CNET with a statement saying: "We are committed to preserving our users' trust and security and continue our efforts to expand encryption across all of our services."
"The only reason they're encrypting e-mail with Webmail now was a front-page story in The Washington Post," said the ACLU's Soghoian. "It was only then, in response to that coverage, that Yahoo turned on SSL by default." That October 2013 article revealed the NSA's Special Source Operations branch collected more e-mail address books from Yahoo than from all other e-mail providers combined. (Gmail addresses were exposed because of Apple's lack of encryption in its Address Book app, a security oversight that Cupertino subsequently fixed.)
Even today, after Yahoo turned on encryption by default for Web-based e-mail (but not instant messaging), it's using older protocols with some known security vulnerabilities. Yahoo's servers also don't support forward secrecy, which would offer an extra layer of protection against government eavesdropping. Google and Twitter do.How we conducted the tests
We tested whether encryption was used in five messaging clients: AOL's AIM, Apple's Messages app connecting to AIM, Google Hangouts, Mail.ru's ICQ, Microsoft's Skype, and Yahoo Messenger. Mail.ru, an Internet company in Russia, where ICQ remains quite popular, bought the service from AOL in 2010.
Neither ICQ nor the Yahoo Messenger Protocol encrypted the content of the communications. That meant that when we sent a message, it was transmitted across the Internet in the clear.
AOL's AIM desktop app made unencrypted connections to api.aim.net that transmitted unique "to" and "from" identifiers. Even if the NSA and GCHQ can't decrypt the content, the unencrypted unique identifiers could add to the agencies' vast trove of metadata charting the social connections of US and other citizens.
AOL and Mail.ru did not respond to requests for comment.
Google Hangouts, Skype, and Messages, on the other hand, used SSL encryption consistently. This is what we expected -- it's been reportedpreviously, and Skype encryption has been studied in some detail -- and our tests confirmed it.
We acknowledge limitations to this test. We didn't evaluate the quality of the SSL cipher suite or its implementation. Nor did we test for certificate exploits. And we didn't test all clients; it's possible that the Windows client for AIM, for instance, behaves differently. (The protocol used by AIM supports unencrypted chats, so if you use a third-party client like Adium, be sure your privacy preferences under user accounts are set to enable encryption.)
We also didn't test mobile apps, though previous reports have pointed to some problems. A 2012 paper (PDF) presented at the Network and Distributed System Security Symposium said that Voypi, an iPhone messaging app, fails to use encryption.
Thijs Alkemade, a computer science student and lead developer for the Adium instant messaging application, posted a Python script last fall to intercept WhatsApp messages. He warned users of WhatsApp, which Facebook subsequently bought for $16 billion:
You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this but except to stop using it until the developers can update it.
An analysis of WhatsApp last week by information security firm Praetorian found encryption flaws, the company said, that "the NSA would love." WhatsApp has said it's fixing them.