Wire (software)
Wire is an encrypted communication and collaboration app created by Wire Swiss. It is available for iOS, Android, Windows, macOS, Linux, and web browsers such as Firefox. Wire offers a collaboration suite featuring messenger, voice calls, video calls, conference calls, file-sharing, and external collaboration –all protected by a secure end-to-end-encryption.[8] Wire offers three solutions built on its security technology: Wire Pro[9] –which offers Wire's collaboration feature for businesses, Wire Enterprise[10] –includes Wire Pro capabilities with added features for large-scale or regulated organizations, and Wire Red[11] –the on-demand crisis collaboration suite. They also offer Wire Personal, which is a secure messaging app for personal use.
Developer(s) | Wire Swiss GmbH |
---|---|
Initial release | 3 December 2014 |
Repository | |
Operating system | Android iOS Linux macOS Windows |
Platform | |
Type | Communication software |
License | |
Website | wire |
History
Skype's co-founder Janus Friis helped create Wire and many Wire employees previously worked for Skype.[12] Wire Swiss GmbH launched the Wire app on 3 December 2014. In August 2015, the company added group calling to their app.[13] From its launch until March 2016, Wire's messages were only encrypted between the client and the company's server. In March 2016, the company added end-to-end encryption for its messaging traffic, as well as a video calling feature.[14][15] Wire Swiss GmbH released the source code of the Wire client applications in July 2016.[16][17] In 2018, Wire launched its collaboration solution featuring end-to-end encrypted chat, conferencing, video calls and file-sharing on desktop and mobile for businesses.[18]
Features
Wire offers end-to-end encrypted messaging, file-sharing, video and voice calls, and guest rooms for external communication.[8]
The app allows group calling with up to ten participants and video conferences support up to four users.[19][20] A stereo feature places participants in "virtual space" so that users can differentiate voice directionality.[13] The application adapts to varying network conditions.
The application supports the exchange of animated GIFs up to 5MB through a media integration with a company called Giphy.[21] The iOS and Android versions also include a sketch feature that allows users to draw a sketch into a conversation or over a photo.[22]
Wire is available on mobile, desktop and web. The web service is called Wire for Web.[23] Wire activity is synced on iOS, Android and web apps.[24] The desktop version supports screen sharing.[25]
Wire’s technology solution can be deployed either in the cloud, private cloud or on-premises.[10]
One of the latest features rolled out by Wire is a secure external collaboration capability called 'guest room'.[26] Wire’s secure guest rooms feature extends end-to-end encryption to conversations with external parties without requiring them to register, or even download anything.[27]
Wire also includes a function for ephemeral messaging in 1:1 and group conversations.[28][29]
Technical
Wire provides end-to-end encryption for all features. Wire's instant messages are encrypted with Proteus, a protocol that Wire Swiss developed based on the Signal Protocol.[30][31] Wire's voice calls are encrypted with DTLS and SRTP.[13][30] In addition to this, client-server communication is protected by Transport Layer Security.[12]
Wire is currently in the midst of working to develop Messaging Layer Security (MLS), a new protocol designed to facilitate more secure enterprise messaging platforms under The Internet Engineering Task Force (IETF).[32] In 2016, during the IETF meeting in Berlin, Wire proposed a standard that was protected by modern security properties and could be used by companies large and small.[32] During an interview with Dark Reading,[32] Raphael Robert, Head of Security at Wire, mentioned that Messaging Layer Security (MLS) should be ready to integrate into messaging platforms by 2021.
Wire's source code is accompanied by the GPLv3 but the readme file states that a number of additional restrictions specified by the Wire Terms of Use take precedence.[33][34][35] Among other things, users who have compiled their own applications may not change the way it connects and interacts with the company's centralised servers.[36][37]
Security
Wire implemented a security by design approach, with security and privacy as core values.[18] Wire is 100% open source with its source code available on GitHub, independently audited, and ISO, CCPA, GDPR, SOX-compliant.[38][39]
In December 2016, Wire's whitepapers were reviewed by a security researcher at the University of Waterloo.[40] The researcher praised Wire for its open approach to security, but identified serious issues that still need addressing. These included a man-in-the-middle attack on voice and video communications, possible audio and video leakage depending on unspecified codec parameters, the fact that all user passwords are uploaded to Wire's servers, significant attack surface for code replacement in the desktop client, and the fact that the server was not open-sourced, at the time when that article was written. The researcher described the security of Wire as weak in comparison to Signal, but also depicted its problems as surmountable. Wire's developers announced the addition of end-to-end authentication to Wire's calls on 14 March 2017,[41] and started open-sourcing Wire's server code on 7 April 2017.[42] In March 2017, the review was updated with the conclusion that "the remaining issues with Wire are relatively minor and also affect many of its competitors."[40] However, one major issue that remained was detailed as "the Wire client authenticates with a central server in order to provide user presence information. (Wire does not attempt to hide metadata, other than the central server promising not to log very much information.) The Wire whitepapers spend an unusual amount of space discussing the engineering details of this part of the protocol. However, the method of authentication is the same as it is on the web: the Wire client sends the unencrypted, unhashed password to the central server over TLS, the server hashes the plaintext password with scrypt, and the hash is compared to the hash stored by the server. This process leaks the user's password to the central server; the server operators (or anyone who compromises the server) could log all of the plaintext passwords as users authenticate."[40]
On 9 February 2017, Kudelski Security and X41 D-Sec published a joint review of Wire’s encrypted messaging protocol implementation.[43] Non-critical issues were found that had the potential of leading to a degraded security level. The review found that "invalid public keys could be transmitted and processed without raising an error."[43] The report also recommended that other security improvements be implemented to address thread-unsafety risks and sensitive data in memory.[43] Wire's developers have said that "the issues that were discovered during the review have been fixed and deployed on iOS and Android. Deployment is ongoing for Wire for Web and desktop apps."[44]
In 2017, Wire published an article going over the implementation of its end-to-end encryption in a multi-device scenario in response to anonymous accounts on social media publishing misleading information about the app and its security.[45]
In May 2017, Motherboard published an article saying that the Wire servers "keep a list of all the users a customer contacted until they delete their account".[46] Wire Swiss confirmed that the statement was accurate, saying that they keep the data in order to "help with syncing conversations across multiple devices", and that they might change their approach in the future.[46]
Awards
In July 2019, Wire won Capterra's Best Ease of Use award [47] in the team communication software category for its B2B solution. Later that year in October, Wire was recognized by Cybersecurity Breakthrough Awards [48] as the first-ever Secure Communications Solution of the Year awardee. In February 2020, Wire won the Cybersecurity Excellence Awards[49] in the following categories: fastest-growing cybersecurity company, best start-up (EU), open-source security, encryption, and zero-trust security.[50] Simultaneously, Cyber Defense Magazine[51] announced Wire as the Best Messaging Security in an RSA 2020 special edition for the Cyber Defense Awards.[52]
Privacy policy changes
As of late 2019, Wire is owned by a US company,[53] which makes it "not entirely clear how much jurisdiction the United States will have over Wire data". This is especially problematic, as Wire stores unencrypted meta data for every user.[54] Wire also changed its privacy policy from "sharing user data when required by law" to "sharing user data when necessary". It remains unclear what is considered "necessary". This very vague language means that sharing user data could very well be "necessary" to increase profits, or "necessary" for law enforcement, or any other reason.[53]
Business model
Wire Swiss GmbH receives financial backing from a firm called Iconical.[15]
In July 2017, Wire Swiss announced the beta version of an end-to-end encrypted team messaging platform.[55] In October 2017, Wire officially released the team messaging platform as a subscription-based communication solution for businesses[56] and in 2019, announced that Ernst & Young chose Wire to develop a self-hosted, secure collaboration and communication platform.[57]
See also
References
- Sneddon, Joey-Elijah (11 October 2016). "Wire, the Encrypted Chat App, Is Now Available for Linux". OMG! Ubuntu! (Blog). Ohso Ltd. Retrieved 15 October 2016.
- "Former Skype team members returning to Windows with Wire for Windows". Supersite for Windows. Retrieved 29 October 2015.
- "wireapp/wire-webapp". GitHub.
- "wireapp/wire-desktop". GitHub.
- "wireapp/wire-android". GitHub.
- "wireapp/wire-ios". GitHub.
- "wireapp/wire-server". GitHub.
- "The most secure collaboration platform · Wire". wire.com.
- "Secure business collaboration · Wire". wire.com.
- "Wire technology in your private cloud · Wire". wire.com.
- "Wire Red – crisis communication software · Wire". wire.com.
- Dredge, Stuart. "Skype co-founder backs Wire - to take on Skype". The Guardian. Retrieved 3 December 2014.
- Pierce, David (12 August 2015). "Messaging App Declares War on Crappy Conference Calls". Wired. Condé Nast. Retrieved 12 August 2015.
- Kahn, Jeremy (10 March 2016). "Amid Apple's FBI fight, app developers are ramping up encryption". Chicago Tribune. Tribune Publishing. Archived from the original on 11 March 2016. Retrieved 14 July 2016.
- Auchard, Eric (11 March 2016). "Skype co-founder launches ultra-private messaging, with video". Reuters. Thomson Reuters. Retrieved 11 March 2016.
- Meyer, David (22 July 2016). "Wire Wants to Bring Encrypted Chat to Cars and the Internet of Things". Fortune. Time Inc. Retrieved 25 July 2016.
- "Wire Swiss GmbH". GitHub. Retrieved 25 July 2016.
- "Wire brings secure collaboration to North America". www.businesschief.com.
- "How do I start or end a group call?". Wire Swiss GmbH. Retrieved 22 August 2017.
- "Start a video conference call". Wire – Support.
- "Wire and Giphy Make Communication Fun". AppMess. Retrieved 30 June 2015.
- "Communicating "I Love You" in the Emoji Era". PSFK. Retrieved 17 July 2015.
- Perez, Sarah. "Skype Co-Founder Backs Wire, A New Communications App Launching Today On iOS, Android And Mac". TechCrunch. Retrieved 2 December 2014.
- Sawers, Paul (2 December 2014). "Wire wants to be Skype for the modern age, launches with the backing of Skype co-founder Janus Friis". VentureBeat. Retrieved 2 December 2014.
- Lopez, Napier (30 July 2016). "Open-source Wire messenger gets encrypted screen-sharing". The Next Web. Retrieved 1 September 2016.
- "Guest rooms · Wire". wire.com.
- "Invite a guest with an existing Wire account to my team conversations". Wire – Support.
- "Safe and tidy with Timed Messages". Wire Swiss. 25 October 2016. Retrieved 26 October 2016.
- Mott, Nathaniel (25 October 2016). "Encrypted Messaging Apps Wire And Signal Turn To Ephemeral Messages". Tom's Hardware. Purch Group Inc. Retrieved 26 October 2016.
- "Wire Security Whitepaper". Wire Swiss GmbH. Retrieved 15 July 2016.
- "Add attribution". GitHub. Wire Swiss GmbH. 9 May 2016. Retrieved 15 July 2016.
- "Inside MLS, the New Protocol for Secure Enterprise Messaging". Dark Reading.
- wireapp. "wire-desktop/LICENSE at master · wireapp/wire-desktop · GitHub". Github.com. Retrieved 2017-12-16.
- wireapp. "wire-ios/README.md at develop ¡ wireapp/wire-ios ¡ GitHub". Github.com. Retrieved 2017-12-16.
- "Legal · Wire". Wire.com. Retrieved 2017-12-16.
- Menge-Sonnentag, Rainald (27 July 2016). "Wire-Messenger ist jetzt vollständig Open Source". Heise.de (in German). Retrieved 28 July 2016.
- "Wire iOS client". GitHub. Wire Swiss GmbH. Retrieved 28 July 2016.
- "Wire Swiss GmbH". GitHub.
- https://www.x41-dsec.de/reports/X41-Kudelski-Wire-Security-Review-Web-Calling.pdf
- "Wire". Cryptography, Security, and Privacy (CrySP). 28 March 2016. Retrieved 22 August 2017.
- "A major upgrade to calling". Medium. Wire Swiss GmbH. 14 March 2017. Retrieved 14 March 2017.
- "Open sourcing Wire server code". Wire Swiss GmbH. 7 April 2017. Retrieved 7 April 2017.
- Kudelski Security and X41 D-Sec (8 February 2017). "Security Review – Phase 1" (PDF). X41 D-Sec. Retrieved 9 February 2017.
- "Wire's independent security review". Medium. Wire Swiss GmbH. 9 February 2017. Retrieved 9 February 2017.
- "Key verification to secure your conversations · Wire". wire.com.
- Cox, Joseph (12 May 2017). "Secure Messaging App Wire Stores Everyone You've Ever Contacted in Plain Text". Motherboard. Vice Media LLC. Retrieved 13 May 2017.
- "Wire Reviews 2020 - Capterra". www.capterra.com.
- "2019 Winners | CyberSecurity Breakthrough Awards".
- "Cybersecurity Excellence Awards". Cybersecurity Excellence Awards.
- "2020 Cybersecurity Excellence Awards". Cybersecurity Excellence Awards. February 6, 2019.
- "StackPath". www.cyberdefensemagazine.com.
- "Cyber Defense Awards | The Most Prestigious Cybersecurity Awards in the World – 7 Years Running…". www.cyberdefenseawards.com.
- "Cutting the Wire". ThinkPrivacy. 2019-12-06. Retrieved 2020-01-05.
- Cox, Joseph (2017-05-12). "Secure Messaging App Wire Stores Everyone You've Ever Contacted in Plain Text". Vice. Retrieved 2020-01-05.
- Lomas, Natasha (20 July 2017). "Wire launches e2e encrypted team messaging in beta". TechCrunch. Oath Inc. Retrieved 22 August 2017.
- "Encrypted messaging app Wire is taking on Slack with its new business messenger platform | Verdict". www.verdict.co.uk. Retrieved 2017-11-10.
- "Wire by EY brings secure messaging to accounting". May 16, 2019.