
SoylentNews is people

posted by martyb on Monday January 16 2017, @10:07AM   Printer-friendly
from the tradeoffs dept.

A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service.

Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.

Privacy campaigners said the vulnerability is a "huge threat to freedom of speech" and warned it could be used by government agencies as a backdoor to snoop on users who believe their messages to be secure.

Source: WhatsApp vulnerability allows snooping on encrypted messages

Reporting at Ars Technica took a different view — Reported "backdoor" in WhatsApp is in fact a feature, defenders say:

At issue is the way WhatsApp behaves when an end user's encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change. By enabling a security setting, users can configure WhatsApp to notify the sender that a recently transmitted message used a new key.

Critics of Friday's Guardian post, and most encryption practitioners, argue such behavior is common in encryption apps and often a necessary requirement. Among other things, it lets existing WhatsApp users who buy a new phone continue an ongoing conversation thread.

[...] Moxie Marlinspike, developer of the encryption protocol used by both Signal and WhatsApp, defended the way WhatsApp behaves.

"The fact that WhatsApp handles key changes is not a 'backdoor,'" he wrote in a blog post. "It is how cryptography works. Any attempt to intercept messages in transit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system."

[...] Ultimately, there's little evidence of a vulnerability and certainly none of a backdoor—which is usually defined as secret functionality for defeating security measures. WhatsApp users should strongly consider turning on security notifications by accessing Settings > Account > Security.


  • (Score: 5, Insightful) by pTamok on Monday January 16 2017, @11:36AM


    Backdoor or not, it is certainly undesirable behaviour - I would have thought it would be desirable to inform the user that the encryption key had changed before re-sending undelivered messages - that is, give the user the choice of accepting the re-keying or not, before re-sending sensitive information with a new key*.

    There may be good User Interface related reasons for not wanting to do this, as it might make the application confusing to use. I can't comment on that.

    The general issue of WhatsApp being closed-source software, so you do not know if it does what is claimed in any case, and also do not know if undocumented backdoors have been added is only slightly relevant here. If you are using WhatsApp, you are trusting Facebook (a company based in the USA) to keep your private information private. The advisability of doing that will probably depend on how paranoid you are.

    *It is true that encrypted data transmission protocols exist that routinely re-key without the explicit knowledge of the user and without explicit acceptance by the user - it is 'baked-in' to the protocol (e.g. IPSEC and SSL, configured to support this correctly), and it is a security feature - e.g. some VPN software implementations will offer the capability to every so often regenerate (from private keys) the ephemeral symmetric keys used to encrypt data being sent over the VPN**. This makes things more difficult for someone recording the data stream to decrypt it in its entirety, as you will need to break several successive symmetric keys, rather than 'just' one for the whole transaction. If you regard the conversation (multiple messages) between two WhatsApp users as a single datastream, then re-keying without notification seems reasonable. On the other hand, if you regard each individual message as a transaction, then changing the key on a message without telling the end-user seems unreasonable. It might 'just' be a matter of perspective. Given that people want WhatsApp to 'just work', adding a UI hurdle that most people would just click through might be counterproductive.

    **For example, see StrongSWAN: Expiry and Replacement of IKE and IPsec SAs - https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey [strongswan.org]
    Note that Perfect Forward Secrecy requires such re-keying, but re-keying alone does not guarantee Perfect Forward Secrecy - the ephemeral keys generated need to have been generated in a particular way - https://scotthelme.co.uk/perfect-forward-secrecy/ [scotthelme.co.uk]

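A simplified model of the three key-change behaviours discussed in the story and in the comment above, as an added example (not WhatsApp's or Signal's code). The `Sender` class, the policy names and the key bytes are constructed for illustration; no real encryption is performed, the log only records which key fingerprint each undelivered message goes out under.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    """Short digest a user could compare out of band (constructed format)."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class Sender:
    # "silent": default behaviour described in the article
    # "notify": security notifications enabled
    # "block":  the commenter's proposal (ask before re-sending)
    policy: str
    pinned: dict = field(default_factory=dict)    # contact -> trusted key
    pending: dict = field(default_factory=dict)   # contact -> undelivered texts
    log: list = field(default_factory=list)       # (event, contact, fingerprint)

    def send(self, contact, text, delivered=True):
        if delivered:
            self.log.append(("sent", contact, fingerprint(self.pinned[contact])))
        else:
            self.pending.setdefault(contact, []).append(text)

    def on_key_change(self, contact, new_key):
        """The server reports a new identity key for `contact`."""
        if new_key == self.pinned.get(contact):
            return
        if self.policy == "block":
            self.log.append(("held", contact, fingerprint(new_key)))
            return                      # nothing leaves until accept_key()
        self.pinned[contact] = new_key
        self._flush(contact)
        if self.policy == "notify":     # the warning arrives after the re-send
            self.log.append(("warned", contact, fingerprint(new_key)))

    def accept_key(self, contact, new_key):
        """The user has verified the new fingerprint out of band."""
        self.pinned[contact] = new_key
        self._flush(contact)

    def _flush(self, contact):
        for _ in self.pending.pop(contact, []):
            self.log.append(("resent", contact, fingerprint(self.pinned[contact])))

def run(policy):
    old, new = b"constructed-old-key", b"constructed-new-key"
    s = Sender(policy, pinned={"bob": old})
    s.send("bob", "hello", delivered=False)   # message sits undelivered
    s.on_key_change("bob", new)
    return [event for event, _, _ in s.log]
```

Under `silent` and `notify` the queued message is re-sent under the new key before the user can react; only `block` keeps it queued until the fingerprint has been accepted.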
  • (Score: 2) by arslan on Monday January 16 2017, @11:39PM


    That's useful for techies... but regular folks don't know what that term even means. Sure you can use plain English... but short of learning all the basic crypto principles in plain English how can they possibly make a good informed decision on how to manage key rotation optimally?

    WhatsApp is not targeted at techies.

    • (Score: 0) by Anonymous Coward on Tuesday January 17 2017, @07:45AM

      If the techies use WhatsApp properly would it be about as secure as Signal? So far I do get the "security code" change warning BEFORE I even send a message. If that happens consistently then if you care about security you wouldn't send anything sensitive till you verify that things are really OK.

      To me the real hole might be stuff like WhatsApp Web. After all if the browser client isn't doing the decryption of messages then there's one hole right there.