Wire (software)
Wire is an encrypted communication and collaboration app created by Wire Swiss. It is available for iOS, Android, Windows, macOS, Linux, and web browsers such as Firefox. Wire offers a collaboration suite featuring messenger, voice calls, video calls, conference calls, file-sharing, and external collaboration –all protected by a secure end-to-end-encryption. Wire offers three solutions built on its security technology: Wire Pro –which offers Wire's collaboration feature for businesses, Wire Enterprise –includes Wire Pro capabilities with added features for large-scale or regulated organizations, and Wire Red –the on-demand crisis collaboration suite. They also offer Wire Personal, which is a secure messaging app for personal use.
History
Skype's co-founder Janus Friis helped create Wire and many Wire employees previously worked for Skype. Wire Swiss GmbH launched the Wire app on 3 December 2014. In August 2015, the company added group calling to their app. From its launch until March 2016, Wire's messages were only encrypted between the client and the company's server. In March 2016, the company added end-to-end encryption for its messaging traffic, as well as a video calling feature. Wire Swiss GmbH released the source code of the Wire client applications in July 2016.. In 2018, Wire launched its collaboration solution featuring end-to-end encrypted chat, conferencing, video calls and file-sharing on desktop and mobile for businesses.Features
Wire offers end-to-end encrypted messaging, file-sharing, video and voice calls, and guest rooms for external communication.The app allows group calling with up to ten participants and video conferences support up to four users. A stereo feature places participants in "virtual space" so that users can differentiate voice directionality. The application adapts to varying network conditions.
The application supports the exchange of animated GIFs up to 5MB through a media integration with a company called Giphy. The iOS and Android versions also include a sketch feature that allows users to draw a sketch into a conversation or over a photo.
Wire is available on mobile, desktop and web. The web service is called Wire for Web. Wire activity is synced on iOS, Android and web apps. The desktop version supports screen sharing.
Wire’s technology solution can be deployed either in the cloud, private cloud or on-premises.
One of the latest features rolled out by Wire is a secure external collaboration capability called 'guest room'. Wire’s secure guest rooms feature extends end-to-end encryption to conversations with external parties without requiring them to register, or even download anything.
Wire also includes a function for ephemeral messaging in 1:1 and group conversations.
Technical
Wire provides end-to-end encryption for all features. Wire's instant messages are encrypted with Proteus, a protocol that Wire Swiss developed based on the Signal Protocol. Wire's voice calls are encrypted with DTLS and SRTP. In addition to this, client-server communication is protected by Transport Layer Security.Wire is currently in the midst of working to develop Messaging Layer Security, a new protocol designed to facilitate more secure enterprise messaging platforms under The Internet Engineering Task Force. In 2016, during the IETF meeting in Berlin, Wire proposed a standard that was protected by modern security properties and could be used by companies large and small. During an interview with , Raphael Robert, Head of Security at Wire, mentioned that Messaging Layer Security should be ready to integrate into messaging platforms by 2021.
Wire's source code is accompanied by the GPLv3 but the readme file states that a number of additional restrictions specified by the Wire Terms of Use take precedence. Among other things, users who have compiled their own applications may not change the way it connects and interacts with the company's centralised servers.
Security
Wire implemented a security by design approach, with security and privacy as core values. Wire is 100% open source with its source code available on , independently audited, and ISO, CCPA, GDPR, SOX-compliant.In December 2016, Wire's whitepapers were reviewed by a security researcher at the University of Waterloo. The researcher praised Wire for its open approach to security, but identified serious issues that still need addressing. These included a man-in-the-middle attack on voice and video communications, possible audio and video leakage depending on unspecified codec parameters, the fact that all user passwords are uploaded to Wire's servers, significant attack surface for code replacement in the desktop client, and the fact that the server was not open-sourced, at the time when that article was written. The researcher described the security of Wire as weak in comparison to Signal, but also depicted its problems as surmountable. Wire's developers announced the addition of end-to-end authentication to Wire's calls on 14 March 2017, and started open-sourcing Wire's server code on 7 April 2017. In March 2017, the review was updated with the conclusion that "the remaining issues with Wire are relatively minor and also affect many of its competitors." However, one major issue that remained was detailed as "the Wire client authenticates with a central server in order to provide user presence information. The Wire whitepapers spend an unusual amount of space discussing the engineering details of this part of the protocol. However, the method of authentication is the same as it is on the web: the Wire client sends the unencrypted, unhashed password to the central server over TLS, the server hashes the plaintext password with scrypt, and the hash is compared to the hash stored by the server. This process leaks the user's password to the central server; the server operators could log all of the plaintext passwords as users authenticate."
On 9 February 2017, Kudelski Security and X41 D-Sec published a joint review of Wire’s encrypted messaging protocol implementation. Non-critical issues were found that had the potential of leading to a degraded security level. The review found that "invalid public keys could be transmitted and processed without raising an error." The report also recommended that other security improvements be implemented to address thread-unsafety risks and sensitive data in memory. Wire's developers have said that "the issues that were discovered during the review have been fixed and deployed on iOS and Android. Deployment is ongoing for Wire for Web and desktop apps."
In 2017, Wire published an article going over the implementation of its end-to-end encryption in a multi-device scenario in response to anonymous accounts on social media publishing misleading information about the app and its security.
In May 2017, Motherboard published an article saying that the Wire servers "keep a list of all the users a customer contacted until they delete their account". Wire Swiss confirmed that the statement was accurate, saying that they keep the data in order to "help with syncing conversations across multiple devices", and that they might change their approach in the future.
Awards
In July 2019, Wire won Capterra's Best Ease of Use award in the team communication software category for its B2B solution. Later that year in October, Wire was recognized by Cybersecurity Breakthrough Awards as the first-ever Secure Communications Solution of the Year awardee. In February 2020, Wire won the Cybersecurity Excellence Awards in the following categories: fastest-growing cybersecurity company, best start-up, open-source security, encryption, and zero-trust security. Simultaneously, Cyber Defense Magazine announced Wire as the Best Messaging Security in an RSA 2020 special edition for the Cyber Defense Awards.Privacy policy changes
As of late 2019, Wire is owned by a US company, which makes it "not entirely clear how much jurisdiction the United States will have over Wire data". This is especially problematic, as Wire stores unencrypted meta data for every user. Wire also changed its privacy policy from "sharing user data when required by law" to "sharing user data when necessary". It remains unclear what is considered "necessary". This very vague language means that sharing user data could very well be "necessary" to increase profits, or "necessary" for law enforcement, or any other reason.Business model
Wire Swiss GmbH receives financial backing from a firm called Iconical.In July 2017, Wire Swiss announced the beta version of an end-to-end encrypted team messaging platform. In October 2017, Wire officially released the team messaging platform as a subscription-based communication solution for businesses and in 2019, announced that Ernst & Young chose Wire to develop a self-hosted, secure collaboration and communication platform.