Google Hangouts doesn’t use end-to-end encryption, law enforcement can access it

Google Hangouts doesn’t implement end-to-end encryption, when users message or talk with someone on Hangouts is exposing to Government Wiretapping.

Edward Snowden has revealed how the US intelligence spy on communication worldwide, despite the market is offering solutions that promise to be “NSA-surveillance proof” the majority of people still use messaging apps like iMessage or Google Hangouts.

The IT giants have always denied any involvement in the surveillance programs operated by the US Government, Apple for example, has always refused any accusation related the possibility to eavesdrop conversations over iMessage and Facetime. Apple explained that user privacy and security are top priorities for the company, speaking about its popular messaging systems the implementation of end-to-end encryption implies that only sender and receiver can access the information.

“Apple has always placed a priority on protecting our customers’ personal data, and we don’t collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it. For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.” states an official advisory issued by the company.

The declaration was criticized by security experts that sustain Apple is able to access user’s conversations. In 2013 at a Hack in the Box the presentation titled How Apple Can Read Your iMessages and How You Can Prevent It demonstrated that the situation was different and that Apple was able to read iMessages due to the control of encryption keys.

Another popular messaging system under accusation is Google Hangouts that could be used for both text-based as well as audio-video conversations. Google always sustained that messages were encrypted did not provide further information on its ability to access them

“When you message or talk with someone on Hangouts, your information will be encrypted so that it’s secure. This includes your Hangouts conversations and video calls on a web browser, on the Hangouts Android and iOS apps, and in meetings through Chromebox for Meetings. states Google.

During a Reddit AMA Christopher Soghoian, the principal technologist at the American Civil Liberties Union, requested for clarification to Richard Salgado, Google’s director for law enforcement and information security, and David Lieber, the senior privacy policy counsel .

“Why has Google refused to be transparent about its ability to provide wiretaps for Hangouts?” asked Soghoian “Given Google’s rather impressive track record regarding surveillance transparency, the total secrecy regarding the company’s surveillance capabilities for this product is quite unusual.”

Salgado replied that the popular messaging system Hangouts is encrypted “in transit” and that “there are legal authorities that allow the government to wiretap communications.”

This means that Google protect information in transit, but it admits that the company is able to access it once arrives on its servers.

google-hangouts

Lorenzo Franceschi-Bicchierai reported that Google confirmed to Motherboard that Hangouts doesn’t use end-to-end encryption, a circumstance that confirms the ability of the company to wiretap conversations at the request of law enforcement, even when user turn on the “off the record” feature.

According to data included in the Google Transparency Report, the company rarely receives by law enforcement requests to perform spy on its products including Google Hangouts, in 2013 it received just 19 requests and in H1 2014 only seven requests.

The Google spokesperson avoided providing further details related to the orders issued by law enforcement that specifically address Google Hangouts.

Pierluigi Paganini

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

How the Cloud Upended Security – and How Encryption Helps Restore It Why Access Control Is Critical in The Path to Cyber Insurance Readiness Secure access for a connected world Using Identity for Access Is a Huge Cybersecurity Risk Addressing the Unique Obstacles in Healthcare Through Policy-Based Access Control
May 14, 2015

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X