Stories
Slash Boxes
Comments

SoylentNews is people

WhatsApp Vulnerability Allows Snooping on Encrypted Messages -- Or Does it?

posted by martyb on Monday January 16 2017, @10:07AM   Printer-friendly
from the tradeoffs dept.

mrpg wrote in with a story which became:

A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service.

Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.

Privacy campaigners said the vulnerability is a "huge threat to freedom of speech" and warned it could be used by government agencies as a backdoor to snoop on users who believe their messages to be secure.

Source: WhatsApp vulnerability allows snooping on encrypted messages

Reporting at Ars Technica took a different view — Reported "backdoor" in WhatsApp is in fact a feature, defenders say:

At issue is the way WhatsApp behaves when an end user's encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change. By enabling a security setting, users can configure WhatsApp to notify the sender that a recently transmitted message used a new key.

Critics of Friday's Guardian post, and most encryption practitioners, argue such behavior is common in encryption apps and often a necessary requirement. Among other things, it lets existing WhatsApp users who buy a new phone continue an ongoing conversation thread.

[...] Moxie Marlinspike, developer of the encryption protocol used by both Signal and WhatsApp, defended the way WhatsApp behaves.

"The fact that WhatsApp handles key changes is not a 'backdoor,'" he wrote in a blog post. "It is how cryptography works. Any attempt to intercept messages in transmit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system."

[...] Ultimately, there's little evidence of a vulnerability and certainly none of a backdoor—which is usually defined as secret functionality for defeating security measures. WhatsApp users should strongly consider turning on security notifications by accessing Settings > Account > Security.

Original Submission

 
This discussion has been archived. No new comments can be posted.
WhatsApp Vulnerability Allows Snooping on Encrypted Messages -- Or Does it? | Log In/Create an Account | Top | 18 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Insightful) by Anonymous Coward on Monday January 16 2017, @11:02AM

    by Anonymous Coward on Monday January 16 2017, @11:02AM (#454340)

    It is things like these that tell you that Facebook is all about furthering the agenda of some people. The hidden hand is behind it.

    This particular app gives its users a false sense of security and you have to remember that a lot of money went into making it look secure.

    Starting Score:    0  points
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Total Score:   2  

  • (Score: 1, TouchĂ©) by Anonymous Coward on Monday January 16 2017, @12:15PM

    by Anonymous Coward on Monday January 16 2017, @12:15PM (#454352)

    I know what you mean. I was sitting alone in a cafe the other day and I happened to overhear some woman at the next table talking about how some childhood friend of hers tracked her down on Facebook after all these years. I really don't want to hear about how everyone is on Facebook these days because I believe everyone should be as isolated as I am. I don't care about WhatsApp vulnerabilities because I've never used WhatsApp and I never talk to anybody and nobody ever talks to me.