LINE, Japan’s biggest messaging app, joins ‘zero knowledge’ encryption trend on all platforms
Tue 13 Oct 2015
The application powering Japan’s largest social network has adopted the same device-based encryption which has wrought so much attention from government and investigative authorities since the release of Apple’s iOS 8 operating system brought ‘zero knowledge’ security into the public spotlight in late summer of 2014.
A new feature called ‘Letter sealing’ was announced today, and is available for the various platforms and operating systems that the LINE messaging application supports, including iOS, Android, Windows Phone, BlackBerry, Microsoft Windows, Mac OS X, Nokia Asha series and Firefox OS. End-To-End encryption (E2EE) has been implemented in new updates to LINE, encrypting communications using a key which is stored on the user device instead of remotely in a cloud environment. Both end users in a conversation will need to be using the ZK-enabled version of LINE, and Android users employing the platform on only one device will have letter-sealing enabled automatically, in parity with the default for zero knowledge security in the Android platform.
Under a zero-knowledge encryption scheme, authorities wanting to decrypt a user’s information can only gain access to it by appropriating the user’s device and by some method obtaining the password to access the device. The service provider has no way of accessing its users’ own encrypted information, even when constrained to by legal demands.
LINE suffered a security controversy in 2013 when it was revealed that messages were being sent over clear text when using mobile data, and encrypted ‘most of the time’ when sent over Wi-Fi. The revelation that the system was vulnerable to a Man-in-the-Middle (MitM) attack coincided with ire from the Thai police authorities about The LINE Corporations’s lack of cooperation in helping them to eavesdrop on suspects. Of LINE’s 200 million users, 18 million are in Thailand.
The new ZK features in LINE are initially being applied to one-to-one chats and location sharing, but the release states that letter-sealing will be rolled out across all communications features and devices eventually.
The LINE platform already has a range of other security features including time-limited messaging and passcode locking, and also runs a Bug Bounty program soliciting reports on system vulnerabilities. The platform is certified globally by SysTrust, SOC2 and SOC3.