Can End-to-End Encryption Be Hacked?

We have become so reliant on communicating on the Internet that sometimes we need to take a minute to consider how our data is being protected and whether what we send on the Internet is truly safe.

While end-to-end encryption has become integral to protecting our data online, you may be thinking, can end-to-end encryption be hacked? While it’s the industry standard for protecting our messages, videos, and cloud storage, nothing is impenetrable, and some vulnerabilities could give hackers access to encrypted data.

For this reason, we answer the question, can end-to-end encryption be hacked, how can we protect encrypted data, and how post-quantum cryptography is rapidly becoming essential for the future of our online lives.

Table of contents

• What is end-to-end encryption, and how does it work?
• Types of end-to-end encryption
• Where end-to-end encryption is used
• Can end-to-end encryption be hacked by cybercriminals?
• Can end-to-end encryption be hacked by quantum computers?
• How post-quantum cryptography can prevent hacking
• Timeline to implement post-quantum encryption
• Companies with post-quantum encryption

1. Internxt
2. Cloudflare
3. Telefónica
4. Google
5. Tuta

• FAQ

What is end-to-end encryption, and how does it work?

End-to-end encryption, sometimes called E2EE, is a method of securing communications, files, or your internet connection so that no external parties can view the information in plain text and use it maliciously.

Say, for example, you want to send a message to someone. When you send it, your device encrypts the text to ciphertext (something like this: Q29a9f83Hk2nB7d1pYx93Lz+RmEwXZvPnT0zUQn5LxY= ) using a unique key only known to your device and the recipient.

The message is sent over the internet in its encrypted form and can’t be viewed by anyone; only the recipient’s device has the matching key to decrypt and read the original message.

The process looks something like this:

Types of end-to-end encryption

Can end-to-end encryption be hacked? The answer depends on many factors. Encryption itself is designed with security in mind to prevent hackers, but sometimes, data breaches can happen due to a mismanagement of security protocols that manage encrypted data.

There are many types of encryption methods used; here are some of the most common:

1. AES (Advanced Encryption Standard)

Widely regarded as the industry standard for platforms like cloud storage, AES encryption is a widely used symmetric encryption algorithm that encrypts data in fixed-size blocks. It's known for its speed and security, making it ideal for encrypting large volumes of data in the cloud.

2. RSA (Rivest-Shamir-Adleman)

RSA is an asymmetric encryption algorithm that uses a pair of keys: a public key for encryption and a private key for decryption. It's commonly used for secure data transmission and digital signatures.

3. Elliptic Curve Cryptography (ECC)

ECC is a form of asymmetric encryption that uses the mathematics of elliptic curves to provide the same level of security as RSA but with smaller key sizes, making it faster and more efficient.

4. Post-quantum cryptography (PQC)

When asking can end-to-end encryption be hacked, one topic that will regularly come up is the advances in post-quantum computers, which are so powerful that they could break current encryption protocols used by companies in minutes or even seconds.

As a result, experts in cryptography have developed post-quantum cryptography, like Kyber-512, to secure against the potential threats of post-quantum computers.

Internxt Drive is the first cloud storage to use this kind of post-quantum encryption to future-proof the security and privacy of your files, ensuring you are protected from data breaches and leaks.

5. Zero-knowledge encryption (ZKE)

Although encryption is secure and unlikely to be hacked, not all encryption focuses on privacy. Let’s take Google or Dropbox as an example. While both are secure, they do not have zero-knowledge, which limits privacy as they manage the keys rather than give you control over the encryption keys.

Therefore, these companies could theoretically decrypt your data, access your files, or give access to law enforcement or government agencies. Dropbox, for example, has a history of data breaches, hacks, and sharing user data without consent.

For a private, unhackable cloud storage solution, Internxt Drive offers zero-knowledge and post-quantum encryption for its free and paid plans.

Where end-to-end encryption is used

E2E is essential for any information you plan to send over the internet. This is why it is used in these services:

Messaging apps to keep your messages, shared files, and phone calls private. Read more about messaging apps here.

Email uses encryption to keep your messages, attachments, and personal information private. Services like Tuta offer encrypted email, and Internxt will also provide a private, zero-knowledge encrypted email later this year.

Cloud storage uses encryption to keep your files private and backs up files to protect against ransomware.

Online banking and financial transactions must encrypt all financial data in line with financial compliance regulations.

Health data has consistently been the primary target for hackers and is the most targeted industry by hackers due to the high sensitivity of patient data. E2E and strict security controls are the only way healthcare providers can prevent this in the future.

Video calls use encryption to keep private conferences or personal video calls safe from external parties. Internxt Meet will offer a fully encrypted platform later this year for Premium and Ultimate plans.

File sharing sensitive documents, such as contracts, legal documents, photos, etc., is protected with E2EE to ensure that the recipient can only open the file.

Voice calls are protected with E2E with encrypted VoIP (Voice over Internet Protocol) services.

Can end-to-end encryption be hacked by cybercriminals?

Theoretically, end-to-end encryption could be hacked, but it’s nearly impossible to break using current technology. In saying that, quantum computers could hack current encryption methods, which is why the National Institute of Standards and Technology and other specialists recommend companies implement post-quantum encryption.

In practice, it’s usually the systems around encryption that get hacked. Hackers expose vulnerabilities in systems to access sensitive information via malware, Man-In-The-Middle (MITM) attacks, or backdoors in the company’s software.

Can end-to-end encryption be hacked by quantum computers?

Although the threat of quantum computers is still years away, they could one day use Shor’s algorithm to factor large numbers into primes rapidly, a task that classical computers take an extremely long time to do.

Since encryption relies on factoring numbers to keep data secure, a quantum computer could use Shor’s algorithm to break encryption by finding the private key from the public key and decrypt sensitive information.  

As of now, quantum computers don’t have the necessary processing power to break modern encryption standards, but companies are preparing for the future. Companies like Internxt have already implemented post-quantum cryptography to ensure your files remain safe and private.

How post-quantum cryptography can prevent hacking

Quantum cryptography secures communications and files using quantum mechanics rather than the complex mathematical problems of traditional encryption. Current encryption relies on factoring large numbers or the elliptic curve equation for security, which are nearly impossible for current computers to break, but easier for quantum computers.

Quantum cryptography, however, is based on physics and how photons behave. These photons can exist in multiple states at once, as opposed to two different states like traditional computers. If a hacker tries to intercept data, the quantum particles carrying the key will change due to the laws of physics, so the encryption key is discarded and a new one is created.

Because PQC relies on the physical behaviour of particles rather than complex maths, it provides more security that even future computers can’t break.

Timeline to implement post-quantum encryption

The National Cyber Security Centre recognizes that migrating to post-quantum cryptography to mitigate the threat of future quantum computers will take several years.

To offer companies guidance through this process, the NISC has set guidelines to follow over the next few years. The core timelines are relevant to all organizations and aim to help technical decision-makers and risk owners of large organizations.

Depending on the scale and maturity of a sector's cryptography protocols, the activities may vary between different infrastructures. The following dates highlight the timeline industries should aim towards implementing PQC to help with the company’s cybersecurity planning.

2028

• Define your company’s migration goals.
• Carry out a full discovery exercise (assessing your estate to understand which services and infrastructure depend on cryptography need to be upgraded to PQC).
• Build an initial plan for migration.

2031

• Carry out your early, highest-priority PQC migration activities.
• Refine your plan so that you have a thorough roadmap for completing the migration.

2035

• Complete migration to PQC of all your systems, services, and products.

Companies with post-quantum encryption

Major tech companies plan to implement post-quantum encryption in their services to prevent the future risks of advanced cyberattacks. Some popular companies have implemented, or plan to implement, PQC in their services.

Internxt

Internxt is a European tech company and the first cloud storage company to use post-quantum cryptography to protect your files. It uses Kyber-512 cryptography, which was awarded by the NIST as the best encryption for file transfers and uploading.

All Internxt plans include post-quantum cryptography, and with paid plans, you get access to an encrypted VPN for up to 5 locations Antivirus, and Internxt Mail and Meet for Premium and Ultimate plans.

Visit the Internxt website to choose your annual or lifetime plan starting from €2/month.

Cloudflare

Cloudflare provides web performance and security services to protect websites from cyberattacks and data breaches. By mid-2025, the company plans to provide end-to-end support for post-quantum cryptography.

Telefónica

Telefónica is a Spanish-based company offering mobile services, broadband, and TV subscriptions.

It has partnered with Halotech Digital Services to integrate post-quantum encryption into IoT devices.

Google

As the biggest cloud storage provider, Google has actively integrated PQC into its systems.

In May 2024, it enabled ML-KEM, an NIST-selected post-quantum key for Chrome on desktop platforms. This will extend to its other services, like Gmail and Cloud console, although a date for expected completion has not yet been specified.

Tuta

Tuta, formerly Tutanota, uses PQC for its email and encrypts the contents of your emails, metadata, and contact names. It uses open-source and is an alternative to mainstream email services like Gmail or Outlook.

Tuta and the future Internxt Mail will be the first private email services to provide PQE.

FAQ

When will quantum computers become a real threat?

Experts anticipate that by 2035, quantum computers could break widely used encryption algorithms like RSA and elliptic curve cryptography.

Can governments bypass end-to-end encryption?

If a company doesn’t use zero-knowledge encryption and manages the encryption keys, there is the risk that the cloud provider could grant access to governments and view encrypted data.

Is end-to-end encryption 100% secure?

E2E is secure but not 100% invulnerable to cyberattacks. While it protects your data in transit and at rest, there is still the potential for vulnerabilities such as outdated software, leaked passwords, malware, and other threats that could lead to access to encrypted information.

Do all cloud providers use end-to-end encryption?

Yes, cloud providers use E2E encryption, but not all providers use zero-knowledge encryption, meaning they are less private, but still secure.