BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications

Ahmet Ozcan, Can Gemicioglu, Kaan Onarlioglu, Michael Weissbacher, Collin Mulliner, William Robertson, Engin Kirda
In Proceedings of the International Conference on Financial Cryptography and Data Security (FC)

mobile security privacy ui

Internet-based mobile messaging applications have become a ubiquitous means of communication, and have quickly gained popularity over cellular short messages (SMS). Unfortunately, from a security point of view, free messaging services do not guarantee the privacy of users. For example, free messaging providers can record and store exchanged messages indefinitely to collect information about specific users. Moreover, these messages can be accessed by criminals who gain access to social media accounts.

In this paper, we introduce BabelCrypt, a system that addresses the problem of automatically retrofitting arbitrary mobile chat applications with end-to-end encryption. Our system works by transparently interfacing with the original client applications supplied by the respective service providers. It does not require any modification to the individual applications, nor does it require any knowledge or customization for specific chat applications. BabelCrypt is able to automatically inject control messages in-band, using the underlying application’s message exchange mechanism, and thus supports running arbitrarily complex encryption protocols such as OTR.

We successfully used BabelCrypt with a number of popular messaging applications including Facebook Messenger, WhatsApp, and Skype. Our evaluation shows that BabelCrypt provides end-to-end security for arbitrary messaging applications while satisfactorily preserving the original user experience of the messaging application.