As a security feature that comes with many messaging apps and data sharing software, end-to-end encryption is a way of making sure your communications and data is protected. However, is it as secure as we believe?

What is end-to-end encryption?

End-to-end encryption is “a secure communication process that prevents third parties from accessing data transferred from one endpoint to another.” In most cases this works by using asymmetric cryptography. That means the app sending the message or file encodes the data using a cryptographic key and the app receiving it can recover the information using a decryption key. There is only one decryption key that is able to decode the message sent, which means that anyone intercepting the message wouldn’t be able to make sense of the information. Many popular messaging apps, such as WhatsApp, iMessage, Signal and Telegram use end-to-end encryption.

Does end-to-end encryption protect you from hackers?

Like any security technology or process, it’s not completely foolproof, however it would be extremely difficult for a hacker to intercept and access the data without the decryption key. Theoretically, it could be done if the encryption key – or public key – is short enough. However, by using very long key pairs with 2,048 bits (611 decimal digits) long, asymmetric cryptography is currently uncrackable. 

The biggest threat to security with end-to-end encryption is a hacker getting their hands on the decryption key. This could be done either by stealing and accessing the device itself or by using social engineering techniques, such as phishing, to gain information that would allow them access to someone’s private key. In both these cases though, it’s not that the end-to-end encryption has failed.

In the future, as quantum computing becomes more prevalent, there is a real danger that end-to-end encryption could be hacked. Whilst this is a long way into the future, particularly commercially available quantum computing, it’s important to find ways to protect data securely for this scenario.

How can you keep your data secure?

As with all potential security threats, it’s important to implement basic cybersecurity practices, such as making sure all software is updated with the latest security patches, and learning about the different ways malicious actors can manipulate you into giving away confidential information. You should also consider using VPNs, particularly when connecting to public WiFi networks, and always store cryptographic keys securely.