Google Hangouts doesn’t use end-to-end encryption, law enforcement can access it

Pierluigi Paganini May 12, 2015

Google Hangouts doesn’t implement end-to-end encryption, when users message or talk with someone on Hangoutsis exposing to Government Wiretapping.

Edward Snowden has revealed how the US intelligence spy on communication worldwide, despite the market is offering solutions that promise to be “NSA-surveillance proof” the majority of people still use messaging apps like iMessage or Google Hangouts.

The IT giants have always denied any involvement in the surveillance programs operated by the US Government, Apple for example, has always refused any accusation related the possibility to eavesdrop conversations over iMessage and Facetime. Apple explained that user privacy and security are top priorities for the company, speaking about its popular messaging systems the implementation of end-to-end encryption implies that only sender and receiver can access the information.

“Apple has always placed a priority on protecting our customers’ personal data, and we don’t collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it. For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.” states an official advisory issued by the company.

The declaration was criticized by security experts that sustain Apple is able to access user’s conversations. In 2013 at a Hack in the Box the presentation titled How Apple Can Read Your iMessages and How You Can Prevent It demonstrated that the situation was different and that Apple was able to read iMessages due to the control of encryption keys.

Another popular messaging system under accusation is Google Hangouts that could be used for both text-based as well as audio-video conversations. Google always sustained that messages were encrypted did not provide further information on its ability to access them

“When you message or talk with someone on Hangouts, your information will be encrypted so that it’s secure. This includes your Hangouts conversations and video calls on a web browser, on the Hangouts Android and iOS apps, and in meetings through Chromebox for Meetings. states Google.

That’s why Christopher Soghoian, the principal technologist at the American Civil Liberties Union and an expert on surveillance technology, took advantage of a

During a Reddit AMA Christopher Soghoian, the principal technologist at the American Civil Liberties Union, requested for clarification to Richard Salgado, Google’s director for law enforcement and information security, and David Lieber, the senior privacy policy counsel .

“Why has Google refused to be transparent about its ability to provide wiretaps for Hangouts?” asked Soghoian “Given Google’s rather impressive track record regarding surveillance transparency, the total secrecy regarding the company’s surveillance capabilities for this product is quite unusual.”

Salgado replied that the popular messaging system Hangouts is encrypted “in transit” and that “there are legal authorities that allow the government to wiretap communications.”

This means that Google protect information in transit, but it admits that the company is able to access it once arrives on its servers.

Google Hangouts 3

Lorenzo Franceschi-Bicchierai reported that Google confirmed to Motherboard that Hangouts doesn’t use end-to-end encryption, a circumstance that confirms the ability of the company to wiretap conversations at the request of law enforcement, even when user turn on the “off the record” feature.

According to data included in the Google Transparency Report, the company rarely receives by law enforcement requests to perform spy on its products including Google Hangouts, in 2013 it  received just 19 requests and in H1 2014 only seven requests.

The Google spokesperson avoided providing further details related to the orders issued by law enforcement that specifically address Google Hangouts.

Pierluigi Paganini

(Security Affairs –  Google Hangouts, surveillance)



you might also like

leave a comment