<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>yes, if the OS is completely malicious and you dont have secure
      enclaves then all bets are off, but an application can still try
      to protect itself from incompetent but not malicious OS, even
      without enclaves, to reduce the trusted code base. A secure
      messaging system that prides itself on being end-to-end security
      must take these issues into consideration... <br>
    </p>
    <p>and yes the metadata issue is another elephant in the room...</p>
    <p>Ran<br>
    </p>
    <div class="moz-cite-prefix">On 1/15/2017 2:54 AM, Ari Trachtenberg
      wrote:<br>
    </div>
    <blockquote cite="mid:6517296E-9549-4D28-893E-65B3BC3C3178@bu.edu"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      Not sure how you can protect from the OS without heavy-duty crypto
      or some trusted computing base (often an attack surface in its own
      right).
      <div class="">The OS, for example, can completely replace the app,
        at its discretion.
        <div class=""><br class="">
          <div>
            <blockquote type="cite" class="">
              <div class="">On Jan 14, 2017, at 8:28 PM, Ran Canetti
                &lt;<a moz-do-not-send="true"
                  href="mailto:canetti@tau.ac.il" class="">canetti@tau.ac.il</a>&gt;
                wrote:</div>
              <br class="Apple-interchange-newline">
              <div class="">
                <meta http-equiv="Content-Type" content="text/html;
                  charset=windows-1252" class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  Question: Is anyone aware of a study of the level of
                  protection that Whatsapp/Signal  gives from the OS
                  itself, or from other applications on the phone? If
                  anything, this attack surface appears to me much more
                  scary than these re-encryption buglets... presumably
                  the Signal/Whatsapp application keeps a lot of
                  sensitive information -  public keys, secret keys,
                  buffered messages, etc - both on RAM and on secondary
                  storage. I once tried to look at what Whatsapp say
                  about this in their documentation but didnt find much.
                  <br class="">
                  Ran<br class="">
                  <br class="">
                  <br class="">
                  <div class="moz-cite-prefix">On 1/13/2017 5:32 PM,
                    Sarah Scheffler wrote:<br class="">
                  </div>
                  <blockquote
cite="mid:CAH_gZeF_uMY8E2R=kbMbOFeRo1u0=4zs5cQmozqt3xkE+QRsVA@mail.gmail.com"
                    type="cite" class="">
                    <div dir="ltr" class="">I mean, calling it a
                      vulnerability definitely makes it sound worse than
                      it is, but I also think that a lot of people
                      basically assume that as long as they're using
                      WhatsApp, nothing they send will be read by anyone
                      other than who they're sending it to.  I think
                      calling this a vulnerability in the news is
                      actually good, as it brings public awareness of
                      the issue, and now people know whether or not they
                      want to check the box, or look at other settings. 
                      Perhaps my email could have been named with less
                      hype, but to be honest this <i class="">is</i> a
                      vulnerability as far as most users' usage is
                      concerned, and I think it's fine to treat it as
                      such.  At the very least, this will hopefully make
                      people think "hey, there are things that are not
                      automatically solved by me using WhatsApp."  Which
                      is obvious to people used to thinking about
                      cryptography, but not to the average person, who's
                      basically been showered with advice that WhatsApp
                      will solve all of their privacy problems.
                      <div class=""><br class="">
                      </div>
                      <div class="">Also, I think a much better thing
                        would have been for WhatsApp to start with
                        Signal's behavior, with a little blurb that says
                        "if you don't want to see these messages
                        anymore, check this box."  I think opting out,
                        in general, is better than opting in.  That way,
                        if people are going to click through, they can
                        check the box and it's the same end result.  And
                        if they're not going to click through, then we
                        helped some people have a little more security
                        at the cost of verifying a key change once every
                        month or so (or whatever the rate of their
                        friends getting new phones is).</div>
                      <div class=""><br class="">
                      </div>
                      <div class="">But it's fair, causing a panic about
                        a not-really-vulnerability is only going to make
                        it worse when a
                        <i class="">real</i> vulnerability comes along. 
                        So I don't know.  Information is difficult.</div>
                      <div class=""><br class="">
                      </div>
                      <div class="">Cheers!</div>
                      <div class="">Sarah</div>
                      <div class=""><br class="">
                      </div>
                      <div class="">PS: If anyone wants to participate
                        in the MIT Mystery Hunt this weekend and doesn't
                        have a team, I have a team of people from Harvey
                        Mudd College and we're always looking for new
                        team members; send me an email if you want into
                        our slack room.</div>
                    </div>
                    <br class="">
                    <div class="gmail_quote">
                      <div dir="ltr" class="">On Fri, Jan 13, 2017 at
                        5:00 PM Mayank Varia &lt;<a
                          moz-do-not-send="true"
                          href="mailto:varia@bu.edu" class="">varia@bu.edu</a>&gt;
                        wrote:<br class="">
                      </div>
                      <blockquote class="gmail_quote" style="margin:0 0
                        0 .8ex;border-left:1px #ccc
                        solid;padding-left:1ex">
                        <div dir="ltr" class="gmail_msg">
                          <div dir="ltr" class="gmail_msg">Hi Sarah,
                            <div class="gmail_msg"><br class="gmail_msg">
                            </div>
                            <div class="gmail_msg">I think Signal is
                              overhyped sometimes, but calling this a
                              "vulnerability" or a "backdoor" seems way
                              overblown to me. It's important that
                              Signal/WhatsApp supports key migration
                              somehow, since keys can change for many
                              innocuous reasons, such as simply
                              un/reinstalling the program on your phone
                              or recovering your entire phone state from
                              a backup snapshot (which, at least in my
                              case, didn't save my old keys). For a long
                              time Signal also made notifications of key
                              changes unobtrusive by default; I had to
                              enable the warning messages manually on my
                              phone.</div>
                            <div class="gmail_msg"><br class="gmail_msg">
                            </div>
                            <div class="gmail_msg">Basically, nothing
                              about this post seems like news to me;
                              it's a conscious decision by the
                              developers of a security software to
                              provide the best security/usability
                              tradeoff to their customers as they can.
                              Compare to the alternative. If the
                              billion(ish) WhatsApp users received one
                              of those "security warning" messages every
                              time any single one of their friends
                              migrated to a new key, I'm pretty sure
                              people would be overburdened by these
                              messages and would quickly learn to ignore
                              them and simply click through. I don't see
                              any benefit to this strategy at all.
                              Signal itself only seems to be able to
                              handle a "warn by default" mechanism
                              because its user base is currently smaller
                              and more tech-savvy/paranoid than
                              WhatsApp's.</div>
                            <div class="gmail_msg"><br class="gmail_msg">
                            </div>
                            <div class="gmail_msg">FYI, Open Whisper
                              Systems' official response is here: <a
                                moz-do-not-send="true"
                                href="https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/"
                                class="gmail_msg" target="_blank">https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/</a>.
                              I agree with the criticism that the
                              Guardian never bothered to ask the experts
                              they interviewed about the (so-called)
                              vulnerability, but rather the unrelated
                              and completely-leading question "are
                              backdoors in crypto bad?" That's all that
                              the quotes in the Guardian article seem to
                              indicate, as I read it.</div>
                          </div>
                        </div>
                        <div dir="ltr" class="gmail_msg">
                          <div dir="ltr" class="gmail_msg">
                            <div class="gmail_msg"><br class="gmail_msg">
                            </div>
                            <div class="gmail_msg">Mayank</div>
                          </div>
                        </div>
                        <div dir="ltr" class="gmail_msg">
                          <div dir="ltr" class="gmail_msg">
                            <div class="gmail_msg"><br class="gmail_msg">
                            </div>
                            <div class="gmail_msg">P.S. for a shameless
                              plug: if you want to learn more details
                              about the Signal messaging protocol, take
                              my applied crypto course at BU this
                              semester (CS 591 V1).</div>
                            <div class="gmail_msg"><br class="gmail_msg">
                            </div>
                          </div>
                          <br class="gmail_msg">
                        </div>
                        <div dir="ltr" class="gmail_msg">
                          <div class="gmail_quote gmail_msg">
                            <div dir="ltr" class="gmail_msg">On Fri, Jan
                              13, 2017 at 4:42 PM Sarah Scheffler &lt;<a
                                moz-do-not-send="true"
                                href="mailto:sscheff@bu.edu"
                                class="gmail_msg" target="_blank">sscheff@bu.edu</a>&gt;
                              wrote:<br class="gmail_msg">
                            </div>
                          </div>
                        </div>
                        <div dir="ltr" class="gmail_msg">
                          <div class="gmail_quote gmail_msg">
                            <blockquote class="gmail_quote gmail_msg"
                              style="margin:0 0 0 .8ex;border-left:1px
                              #ccc solid;padding-left:1ex">
                              <div dir="ltr" class="gmail_msg"><a
                                  moz-do-not-send="true"
href="https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages"
                                  class="gmail_msg" target="_blank">This
                                  might be old news for some of you, but
                                  it was news to me.</a>
                                <div class="gmail_msg"><br
                                    class="gmail_msg">
                                </div>
                                <div class="gmail_msg">TL;DR: If you use
                                  Signal, you're good.  If you use
                                  WhatsApp, you should set the setting
                                  where it tells you if the recipient's
                                  key was changed while they were
                                  offline, and also be aware that
                                  messages sent to people who are
                                  offline may be re-encrypted under a
                                  different (!) key and sent without
                                  your intervention.  Or switch to
                                  Signal.<br class="gmail_msg">
                                  <div class="gmail_msg"><br
                                      class="gmail_msg">
                                  </div>
                                  <div class="gmail_msg">Basically if
                                    you send a message in WhatsApp to
                                    someone who is offline, WhatsApp can
                                    replace the public key of the person
                                    to whom you're sending with a new
                                    one, and the messages you sent will
                                    be automatically re-encrypted and
                                    sent under the new key.  Only after
                                    they are successfully transmitted
                                    are you told that this key change
                                    happened, and even then only if you
                                    check a little (non-default) box
                                    that says so.  It was explained a
                                    little more sanely and with more
                                    pictures by the finder, Tobias
                                    Boelter from Berkeley: <a
                                      moz-do-not-send="true"
href="https://tobi.rocks/2016/04/whats-app-retransmission-vulnerability/"
                                      class="gmail_msg" target="_blank">https://tobi.rocks/2016/04/whats-app-retransmission-vulnerability/</a></div>
                                </div>
                                <div class="gmail_msg"><br
                                    class="gmail_msg">
                                </div>
                                <div class="gmail_msg">Apparently
                                  Facebook knows about this and isn't
                                  planning on changing anything.  The
                                  finder of this vulnerability
                                  <a moz-do-not-send="true"
href="https://tobi.rocks/2017/01/what-is-facebook-going-to-do-a-suggestion/"
                                    class="gmail_msg" target="_blank">
                                    says</a> he's pretty sure it was a
                                  bug, but also that they should claim
                                  that it wasn't and that they just made
                                  a poor design choice, and change it.</div>
                                <div class="gmail_msg"><br
                                    class="gmail_msg">
                                </div>
                                <div class="gmail_msg">Cheers!</div>
                                <div class="gmail_msg">Sarah</div>
                              </div>
                            </blockquote>
                          </div>
                        </div>
                        <div dir="ltr" class="gmail_msg">
                          <div class="gmail_quote gmail_msg">
                            <blockquote class="gmail_quote gmail_msg"
                              style="margin:0 0 0 .8ex;border-left:1px
                              #ccc solid;padding-left:1ex">
_______________________________________________<br class="gmail_msg">
                              Busec mailing list<br class="gmail_msg">
                              <a moz-do-not-send="true"
                                href="mailto:Busec@cs.bu.edu"
                                class="gmail_msg" target="_blank">Busec@cs.bu.edu</a><br
                                class="gmail_msg">
                              <a moz-do-not-send="true"
                                href="http://cs-mailman.bu.edu/mailman/listinfo/busec"
                                rel="noreferrer" class="gmail_msg"
                                target="_blank">http://cs-mailman.bu.edu/mailman/listinfo/busec</a><br
                                class="gmail_msg">
                            </blockquote>
                          </div>
                        </div>
                      </blockquote>
                    </div>
                    <br class="">
                    <fieldset class="mimeAttachmentHeader"></fieldset>
                    <br class="">
                    <pre class="" wrap="">_______________________________________________
Busec mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Busec@cs.bu.edu">Busec@cs.bu.edu</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://cs-mailman.bu.edu/mailman/listinfo/busec">http://cs-mailman.bu.edu/mailman/listinfo/busec</a>
</pre>
                  </blockquote>
                  <br class="">
                </div>
                _______________________________________________<br
                  class="">
                Busec mailing list<br class="">
                <a moz-do-not-send="true" href="mailto:Busec@cs.bu.edu"
                  class="">Busec@cs.bu.edu</a><br class="">
                <a class="moz-txt-link-freetext" href="http://cs-mailman.bu.edu/mailman/listinfo/busec">http://cs-mailman.bu.edu/mailman/listinfo/busec</a><br
                  class="">
              </div>
            </blockquote>
          </div>
          <br class="">
          <div class="">
            <span class="Apple-style-span" style="border-collapse:
              separate; color: rgb(0, 0, 0); font-family: Helvetica;
              font-style: normal; font-variant: normal; font-weight:
              normal; letter-spacing: normal; line-height: normal;
              orphans: 2; text-align: -webkit-auto; text-indent: 0px;
              text-transform: none; white-space: normal; widows: 2;
              word-spacing: 0px; -webkit-border-horizontal-spacing: 0px;
              -webkit-border-vertical-spacing: 0px;
              -webkit-text-decorations-in-effect: none;
              -webkit-text-size-adjust: auto; -webkit-text-stroke-width:
              0px; "><span class="Apple-style-span"
                style="border-collapse: separate; color: rgb(0, 0, 0);
                font-family: Helvetica; font-style: normal;
                font-variant: normal; font-weight: normal;
                letter-spacing: normal; line-height: normal; orphans: 2;
                text-align: -webkit-auto; text-indent: 0px;
                text-transform: none; white-space: normal; widows: 2;
                word-spacing: 0px; -webkit-border-horizontal-spacing:
                0px; -webkit-border-vertical-spacing: 0px;
                -webkit-text-decorations-in-effect: none;
                -webkit-text-size-adjust: auto;
                -webkit-text-stroke-width: 0px; ">
                <div style="word-wrap: break-word; -webkit-nbsp-mode:
                  space; -webkit-line-break: after-white-space; "
                  class=""><span class="Apple-style-span"
                    style="border-collapse: separate; color: rgb(0, 0,
                    0); font-family: Helvetica; font-style: normal;
                    font-variant: normal; font-weight: normal;
                    letter-spacing: normal; line-height: normal;
                    orphans: 2; text-align: -webkit-auto; text-indent:
                    0px; text-transform: none; white-space: normal;
                    widows: 2; word-spacing: 0px;
                    -webkit-border-horizontal-spacing: 0px;
                    -webkit-border-vertical-spacing: 0px;
                    -webkit-text-decorations-in-effect: none;
                    -webkit-text-size-adjust: auto;
                    -webkit-text-stroke-width: 0px; ">
                    <div style="word-wrap: break-word;
                      -webkit-nbsp-mode: space; -webkit-line-break:
                      after-white-space; " class=""><span
                        class="Apple-style-span" style="border-collapse:
                        separate; color: rgb(0, 0, 0); font-family:
                        Helvetica; font-style: normal; font-variant:
                        normal; font-weight: normal; letter-spacing:
                        normal; line-height: normal; orphans: 2;
                        text-align: -webkit-auto; text-indent: 0px;
                        text-transform: none; white-space: normal;
                        widows: 2; word-spacing: 0px;
                        -webkit-border-horizontal-spacing: 0px;
                        -webkit-border-vertical-spacing: 0px;
                        -webkit-text-decorations-in-effect: none;
                        -webkit-text-size-adjust: auto;
                        -webkit-text-stroke-width: 0px; ">
                        <div style="word-wrap: break-word;
                          -webkit-nbsp-mode: space; -webkit-line-break:
                          after-white-space; " class=""><span
                            class="Apple-style-span"
                            style="border-collapse: separate; color:
                            rgb(0, 0, 0); font-family: Helvetica;
                            font-style: normal; font-variant: normal;
                            font-weight: normal; letter-spacing: normal;
                            line-height: normal; orphans: 2;
                            text-indent: 0px; text-transform: none;
                            white-space: normal; widows: 2;
                            word-spacing: 0px;
                            -webkit-border-horizontal-spacing: 0px;
                            -webkit-border-vertical-spacing: 0px;
                            -webkit-text-decorations-in-effect: none;
                            -webkit-text-size-adjust: auto;
                            -webkit-text-stroke-width: 0px; ">
                            <div style="word-wrap: break-word;
                              -webkit-nbsp-mode: space;
                              -webkit-line-break: after-white-space; "
                              class="">---</div>
                            <div style="word-wrap: break-word;
                              -webkit-nbsp-mode: space;
                              -webkit-line-break: after-white-space; "
                              class="">Prof. Ari Trachtenberg          
                               ECE, Boston University<br class="">
                              <a moz-do-not-send="true"
                                href="mailto:trachten@bu.edu" class="">trachten@bu.edu</a> 
                                                <a
                                moz-do-not-send="true"
                                href="http://people.bu.edu/trachten"
                                class="">http://people.bu.edu/trachten</a></div>
                          </span></div>
                      </span></div>
                  </span></div>
              </span></span>
          </div>
          <br class="">
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Busec mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Busec@cs.bu.edu">Busec@cs.bu.edu</a>
<a class="moz-txt-link-freetext" href="http://cs-mailman.bu.edu/mailman/listinfo/busec">http://cs-mailman.bu.edu/mailman/listinfo/busec</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>