
Vanish Mode

  • Writer: Pranav Prabhakar
  • May 30, 2024
  • 3 min read

Earlier this year, a British man, Aditya Verma, was acquitted in a Spanish court where he was accused of public disorder. A few years prior, before boarding his flight from Gatwick to Menorca, Verma had joked to his friends in a private Snapchat group about a bomb threat. The message was picked up on the airport Wi-Fi by UK security services. Following this, two Spanish F-18 fighters flanked the EasyJet flight to its destination, where the plane was thoroughly searched and Verma arrested. While there is discourse to be had about the severity of Verma's actions, this story left me with a different question: how in the world was this message able to be read?


To delve into this, I think it is important that we understand how encryption works. Remember, Snapchat media is end-to-end encrypted, whereas messages are protected by Transport Layer Security (TLS). TLS is the most widely deployed security protocol on the internet, and it provides privacy and integrity to two communicating applications. Its most visible use is in securing HTTPS, where communications between a web application and its server are encrypted. Having studied cryptography briefly, I thought I had a general understanding of how this process works, but the steps are much more complex than I first thought. In this specific case:


  1. Initiation: The client sends a message to the server, dubbed "ClientHello." This includes the client's TLS version, a list of encryption algorithms and compression methods, and a randomly generated number to be used later.

  2. Response: It is now the server's turn to send an aptly named "ServerHello." This includes the highest TLS version both client and server can support, an encryption algorithm and compression algorithm from the provided lists, and yet another randomly generated number.

  3. Authentication: The server now sends over its digital certificate to the client, where it is verified against trusted certificate authorities. This certificate contains the server's public key; perhaps I will write about public key cryptography another day.

  4. Client Key Exchange: After the client validates the server's key, it then generates a "pre-master secret." For these purposes, we can imagine this to be any random number which is then encrypted by the public key and the encryption algorithms chosen earlier. Using this pre-master secret and the two random numbers, both the client and the server generate "session keys."

  5. Session Key: Quick sidebar on a session key. This is known as a symmetric process, where the same key is used for encryption and decryption. As is in the name, a session key is discarded after the session has ended.

  6. Confirmation: The server then sends the client a pre-master secret confirmation. This is encrypted by the session key, and if the server can read it, confirms that the key exchange and authentication process was successful. This marks the end of the TLS Handshake process.

  7. Data Transmission: At this point, a secure connection is set up between the client and server. Identities have been verified and all communication will be encrypted with a one-time, randomly generated key. The client and server can now safely exchange data.
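
To make steps 4 to 6 concrete, here is an added example (not part of the original post) of how a client and a server each turn the pre-master secret and the two random numbers into the same session keys. It follows the TLS 1.2 key derivation from RFC 5246; the cipher-suite key sizes, the placeholder handshake transcript and the function names are assumptions made for the illustration, and the public-key encryption of the pre-master secret is taken as already done.

```python
import hashlib
import hmac
import os

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Step 4: both sides run this on the same three inputs."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    # Key sizes assume an AES-128-CBC / HMAC-SHA256 suite (illustrative choice).
    block = prf(master, b"key expansion", server_random + client_random, 96)
    return {"master_secret": master,
            "client_mac_key": block[0:32], "server_mac_key": block[32:64],
            "client_enc_key": block[64:80], "server_enc_key": block[80:96]}

def finished_verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    """Step 6: the 12-byte value carried in a Finished message."""
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)

def run_handshake() -> dict:
    client_random, server_random = os.urandom(32), os.urandom(32)   # steps 1 and 2
    pre_master = b"\x03\x03" + os.urandom(46)   # step 4: version bytes + 46 random bytes
    # Assumption: pre_master reached the server encrypted under its public key.
    transcript = b"constructed handshake bytes" + client_random + server_random
    client = derive_session_keys(pre_master, client_random, server_random)
    server = derive_session_keys(pre_master, client_random, server_random)
    sent = finished_verify_data(server["master_secret"], b"server finished", transcript)
    expected = finished_verify_data(client["master_secret"], b"server finished", transcript)
    # An observer sees both randoms on the wire but has to guess pre_master.
    observer = derive_session_keys(b"\x03\x03" + bytes(46), client_random, server_random)
    return {"keys_match": client == server,
            "finished_ok": hmac.compare_digest(sent, expected),
            "observer_has_keys": observer["client_enc_key"] == client["client_enc_key"]}

if __name__ == "__main__":
    print(run_handshake())
```

The two random numbers travel in the clear, so the only thing separating an observer from the session keys is the pre-master secret.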


So with all these security processes in place, how was Verma's message able to be read? One theory was that the airport Wi-Fi flagged the keywords, but a spokesperson for the airport quickly shut down this theory. As he was acquitted, the judgment stated the following: "The accused could not even remotely assume... that the joke he played on his friends could be intercepted or detected by the British services, nor by third parties other than his friends who received the message."


To this day, we do not have an official confirmation of how security services were able to intercept this message. One theory is that intelligence agencies have a backdoor to servers where copies of these messages are stored. Another is that a concerned friend raised the alarm. Regardless, it was quite harrowing to think about the dwindling position of privacy in today's world. Nevertheless, if this post can provide any reassurance, it's that end-to-end encryption is no joke. Anyone would tell you that once a TLS Handshake is established, it is almost impossible to beat. If, however, you want to err on the side of caution, I would simply recommend avoiding threatening matters of public safety.


EDIT: Ha! I just published this and saw that Ticketmaster was hacked today. Poetic timing.

 
 
 
