In light of the latest security vulnerabilities: do secure messaging services exist?

Billions of people around the world who use messengers to send and receive text messages, photos, videos and to make phone calls rely on the security of these services. On August 31, Google's Project Zero discovered a critical vulnerability in one of the most widely used services. The vulnerability: video telephony.

Specifically, the flaw lay in the memory management of the instant messaging service's video conferencing function, a very popular function that is easy to use and convenient. Crafted Real-time Transport Protocol (RTP) packets, the protocol used to transmit audiovisual streams over IP networks, could cause memory corruption there. For users, this means that every accepted call could come from an attacker. As security researcher Natalie Silvanovich wrote on Twitter, a crash could be triggered in any case, but the security hole potentially holds even greater dangers, such as hackers using the exploit to install espionage software on users' smartphones.

What users of messaging services should do now ...

Since the security vulnerability was reported to WhatsApp Inc., the company has provided patches in the new versions 2.18.302 for Android and 2.18.93 for iOS. Prerequisite: Users must be able to download, install and use the latest version. On iOS, users can find the version number in the App Store under "Updates". Android users can see this information under "Settings", "Help" and "App Info".

The messaging vulnerability was discovered by fuzzing (or fuzz testing), in which interfaces are automatically "fed" (i.e. tested) with invalid or valid data. Unwanted reactions include the application crash already mentioned, disconnections and error messages, but also the disclosure of confidential information or an increase in resource usage such as memory consumption and CPU load. Interfaces tested in this way include comment fields on websites, serial interfaces such as USB, APIs and web services.
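How such a fuzz test looks in miniature, as an added example that is not from the original article or from any messenger's code: a bounds-checked parser for the RTP fixed header (RFC 3550) and a small mutation fuzzer that checks every accepted packet against the real buffer size. The names `rtp_parse`, `fuzz_rtp` and `rtp_info` and the seed packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical parsed view of an RTP packet (fixed header per RFC 3550). */
typedef struct { uint8_t pt; uint16_t seq; size_t payload_off, payload_len; } rtp_info;

/* Returns 0, or -1 if malformed; every length field is checked against n before use. */
int rtp_parse(const uint8_t *b, size_t n, rtp_info *out) {
    if (n < 12 || (b[0] >> 6) != 2) return -1;       /* 12-byte header, version 2 */
    size_t off = 12 + 4u * (b[0] & 0x0F);            /* skip CSRC list (CC field) */
    if (off > n) return -1;
    if (b[0] & 0x10) {                               /* X bit: header extension */
        if (n - off < 4) return -1;
        size_t ext = 4u * (((size_t)b[off + 2] << 8) | b[off + 3]);
        off += 4;
        if (ext > n - off) return -1;                /* claimed length vs. bytes left */
        off += ext;
    }
    size_t end = n;
    if (b[0] & 0x20) {                               /* P bit: last byte = pad count */
        size_t pad = b[n - 1];
        if (pad == 0 || pad > n - off) return -1;
        end = n - pad;
    }
    out->pt = b[1] & 0x7F; out->seq = (uint16_t)((b[2] << 8) | b[3]);
    out->payload_off = off; out->payload_len = end - off;
    return 0;
}

static uint32_t rng_state = 1;                       /* fixed seed: reproducible runs */
static uint32_t rng(void) { rng_state = rng_state * 1664525u + 1013904223u; return rng_state >> 8; }
unsigned fuzz_accepted;                              /* inputs the parser accepted */

/* Mutates and truncates a seed packet; returns how many accepted parses
   described a payload outside the buffer (the test oracle; expected 0). */
unsigned fuzz_rtp(unsigned iterations) {
    static const uint8_t seed[20] = { /* constructed sample packet */ 0x80, 0x60, 0, 1, 0, 0, 0, 16, 0xDE, 0xAD, 0xBE, 0xEF, 1, 2, 3, 4, 5, 6, 7, 8 };
    unsigned bad = 0;
    for (unsigned i = 0; i < iterations; i++) {
        uint8_t buf[sizeof seed]; rtp_info r;
        memcpy(buf, seed, sizeof seed);
        size_t n = rng() % (sizeof seed + 1);        /* random truncation */
        for (unsigned k = rng() % 4; k > 0; k--) buf[rng() % sizeof seed] = (uint8_t)rng();
        if (rtp_parse(buf, n, &r) != 0) continue;    /* rejected: nothing to check */
        fuzz_accepted++;
        if (r.payload_off > n || r.payload_len > n - r.payload_off) bad++;
    }
    return bad;
}
int main(void) { return fuzz_rtp(200000) != 0; }
```

Production fuzzing would typically run such a harness under a coverage-guided fuzzer with AddressSanitizer, so that out-of-bounds accesses are reported directly instead of through a hand-written invariant.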

Since mid-2014, security researchers from Google's Project Zero have been working on detecting zero-day exploits. Identified bugs and vulnerabilities are reported to the affected vendors and published only after a patch has been released – or after 90 days at the latest if there has been no patch – so that users can take security measures themselves. The team publishes source code on its GitHub pages; general news and updates can be found on the Project Zero Blogspot page. An overview of all issues identified by Project Zero can be found here.

... and which app meets user and security requirements

A messaging alternative in the form of an app for Android and iOS is already available today, providing a highly secure messenger and encrypted telephony in one application. This secure service is based on instant message and call encryption. This app is called and already works as suggested by the NATO communication protocol SCIP. In addition, the app will be protected from cyber attacks on iOS and Android in a cryptographically secured container.

This security solution is complemented by the use of the R&S®Trusted Communications Server. The secure exchange of confidential information is the common thread that runs through all areas of server applications. In times of quantum computing, the R&S®Trusted Communications Server is developed for crypto-agility. This means that cryptographic procedures and standards can be adapted promptly without requiring functional changes (e.g. for digital certificates).

Thus, the communication and collaboration platform is also suitable for the business use of a private smartphone. To ensure long-term security, the R&S®Trusted Communicator follows the "Security by Design" approach: The cryptographic procedure can be adapted to new challenges at any time without functional changes being necessary.

The usability corresponds to that of well-known communication and collaboration apps.
