[Busec] WhatsApp default settings vulnerability

Mayank Varia varia at bu.edu
Fri Jan 13 16:59:55 EST 2017


Hi Sarah,

I think Signal is overhyped sometimes, but calling this a "vulnerability"
or a "backdoor" seems way overblown to me. It's important that
Signal/WhatsApp supports key migration somehow, since keys can change for
many innocuous reasons, such as simply un/reinstalling the program on your
phone or recovering your entire phone state from a backup snapshot (which,
at least in my case, didn't save my old keys). For a long time Signal also
made notifications of key changes unobtrusive by default; I had to enable
the warning messages manually on my phone.

Basically, nothing about this post seems like news to me; it's a conscious
decision by the developers of a security software to provide the best
security/usability tradeoff to their customers as they can. Compare to the
alternative. If the billion(ish) WhatsApp users received one of those
"security warning" messages every time any single one of their friends
migrated to a new key, I'm pretty sure people would be overburdened by
these messages and would quickly learn to ignore them and simply click
through. I don't see any benefit to this strategy at all. Signal itself
only seems to be able to handle a "warn by default" mechanism because its
user base is currently smaller and more tech-savvy/paranoid than WhatsApp's.

FYI, Open Whisper Systems' official response is here:
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/. I agree
with the criticism that the Guardian never bothered to ask the experts they
interviewed about the (so-called) vulnerability, but rather the unrelated
and completely-leading question "are backdoors in crypto bad?" That's all
that the quotes in the Guardian article seem to indicate, as I read it.

Mayank

P.S. for a shameless plug: if you want to learn more details about the
Signal messaging protocol, take my applied crypto course at BU this
semester (CS 591 V1).


On Fri, Jan 13, 2017 at 4:42 PM Sarah Scheffler <sscheff at bu.edu> wrote:

> This might be old news for some of you, but it was news to me.
> <https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages>
>
> TL;DR: If you use Signal, you're good.  If you use WhatsApp, you should
> set the setting where it tells you if the recipient's key was changed while
> they were offline, and also be aware that messages sent to people who are
> offline may be re-encrypted under a different (!) key and sent without your
> intervention.  Or switch to Signal.
>
> Basically if you send a message in WhatsApp to someone who is offline,
> WhatsApp can replace the public key of the person to whom you're sending
> with a new one, and the messages you sent will be automatically
> re-encrypted and sent under the new key.  Only after they are successfully
> transmitted are you told that this key change happened, and even then only
> if you check a little (non-default) box that says so.  It was explained a
> little more sanely and with more pictures by the finder, Tobias Boelter
> from Berkeley:
> https://tobi.rocks/2016/04/whats-app-retransmission-vulnerability/
>
> Apparently Facebook knows about this and isn't planning on changing
> anything.  The finder of this vulnerability says
> <https://tobi.rocks/2017/01/what-is-facebook-going-to-do-a-suggestion/> he's
> pretty sure it was a bug, but also that they should claim that it wasn't
> and that they just made a poor design choice, and change it.
>
> Cheers!
> Sarah
> _______________________________________________
> Busec mailing list
> Busec at cs.bu.edu
> http://cs-mailman.bu.edu/mailman/listinfo/busec
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20170113/788d4e3b/attachment.html>


More information about the Busec mailing list