SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    WhatsApp Vulnerability Allows Snooping on Encrypted Messages -- Or Does it?
Date    Monday January 16 2017, @10:07AM
Author    martyb
Topic   
from the tradeoffs dept.
https://soylentnews.org/article.pl?sid=17/01/15/045239

mrpg wrote in with a story which became:

A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service.

Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.

Privacy campaigners said the vulnerability is a "huge threat to freedom of speech" and warned it could be used by government agencies as a backdoor to snoop on users who believe their messages to be secure.

Source: WhatsApp vulnerability allows snooping on encrypted messages

Reporting at Ars Technica took a different view — Reported "backdoor" in WhatsApp is in fact a feature, defenders say:

At issue is the way WhatsApp behaves when an end user's encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change. By enabling a security setting, users can configure WhatsApp to notify the sender that a recently transmitted message used a new key.

Critics of Friday's Guardian post, and most encryption practitioners, argue such behavior is common in encryption apps and often a necessary requirement. Among other things, it lets existing WhatsApp users who buy a new phone continue an ongoing conversation thread.

[...] Moxie Marlinspike, developer of the encryption protocol used by both Signal and WhatsApp, defended the way WhatsApp behaves.

"The fact that WhatsApp handles key changes is not a 'backdoor,'" he wrote in a blog post. "It is how cryptography works. Any attempt to intercept messages in transmit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system."

[...] Ultimately, there's little evidence of a vulnerability and certainly none of a backdoor—which is usually defined as secret functionality for defeating security measures. WhatsApp users should strongly consider turning on security notifications by accessing Settings > Account > Security.

Original Submission

Links
  1. "mrpg" - http://reversethis-%7Bgro.swentnelyos%7D%20%7Bta%7D%20%7Bgprm%7D/
  2. "WhatsApp vulnerability allows snooping on encrypted messages " - https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
  3. "Reported "backdoor" in WhatsApp is in fact a feature, defenders say" - http://arstechnica.com/security/2017/01/whatsapp-and-friends-take-umbrage-at-report-its-crypto-is-backdoored/
  4. "blog post" - https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
  5. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=18021
© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, WhatsApp Vulnerability Allows Snooping on Encrypted Messages -- Or Does it? on 2024-04-20 02:47:55