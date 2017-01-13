

 


Security Experts Rebut The Guardian's Report That Claimed WhatsApp Has a Backdoor (gizmodo.com)

William Turton, writing for Gizmodo: This morning, the Guardian published a story with an alarming headline: "WhatsApp backdoor allows snooping on encrypted messages." If true, this would have massive implications for the security and privacy of WhatsApp's one-billion-plus users. Fortunately, there's no backdoor in WhatsApp, and according to Alec Muffett, an experienced security researcher who spoke to Gizmodo, the Guardian's story is a "major league fuckwittage." [...] Frederic Jacobs, who was the iOS developer at Open Whisper Systems, the collective that designed and maintains the Signal encryption protocol, and who most recently worked at Apple, said, "Nothing new. Of course, if you don't verify keys Signal/WhatsApp/... can man-in-the-middle your communications." "I characterize the threat posed by such reportage as being fear and uncertainty and doubt on an 'anti-vaccination' scale," Muffett, who previously worked on Facebook's engineering security infrastructure team, told Gizmodo. "It is not a bug, it is working as designed and someone is saying it's a 'flaw' and pretending it is earth shattering when in fact it is ignorable." The supposed "backdoor" the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do. "There's a feature in WhatsApp that -- when you swap phones, get a new phone, factory reset, whatever -- when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone," Muffett told Gizmodo. Other security experts and journalists have also criticized The Guardian's story.
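
A simplified model of the point Jacobs and Muffett make above, as an added example that is not code from WhatsApp, Signal or the article: a client pins each contact's identity-key fingerprint on first use, re-pins when the key changes (as after a reinstall), and only an out-of-band fingerprint comparison tells a new phone apart from a substituted key. The class names, the 16-hex-character SHA-256 fingerprint and the byte strings standing in for keys are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    """Short fingerprint two users can compare out of band (constructed format)."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class Contact:
    pinned: str             # fingerprint of the identity key currently in use
    verified: bool = False  # True only after an out-of-band comparison

@dataclass
class KeyStore:
    contacts: dict = field(default_factory=dict)

    def receive_key(self, name: str, identity_key: bytes) -> str:
        """Handle an identity key that the server delivered for `name`."""
        fp = fingerprint(identity_key)
        known = self.contacts.get(name)
        if known is None:
            self.contacts[name] = Contact(pinned=fp)  # trust on first use
            return "first-use"
        if known.pinned == fp:
            return "unchanged"
        # Key changed: new phone, reinstall, or a substituted key. The client
        # cannot tell which, so it re-pins and drops the verified status.
        self.contacts[name] = Contact(pinned=fp)
        return "changed"

    def verify(self, name: str, fp_read_out_of_band: str) -> bool:
        """Mark a contact verified only if the out-of-band fingerprint matches."""
        c = self.contacts[name]
        c.verified = (c.pinned == fp_read_out_of_band)
        return c.verified

def demo() -> list:
    # Constructed byte strings stand in for real public identity keys.
    bob_old, bob_new, substituted = b"bob-phone-1", b"bob-phone-2", b"not-bob"
    store = KeyStore()
    events = [store.receive_key("bob", bob_old)]
    events.append(store.verify("bob", fingerprint(bob_old)))  # compared in person
    events.append(store.receive_key("bob", bob_new))          # Bob reinstalls
    events.append(store.contacts["bob"].verified)             # verification was reset
    events.append(store.verify("bob", fingerprint(bob_new)))  # re-verified with Bob
    events.append(store.receive_key("bob", substituted))      # key swapped in transit
    events.append(store.verify("bob", fingerprint(bob_new)))  # mismatch is caught
    return events
```

Both the legitimate reinstall and the substituted key produce the same "changed" event; the final `verify` call is what separates them.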

  • It would be nice if The Guardian produced a list for the average person of the most popular software that has known backdoors like Skype, so people can see how compromised they are under pretext of "tackling terrorism".

      Does Skype even count as backdoored? It needs a new term, like glasshoused or NSAware.

  • Well, apparently [nbcnews.com] the President Elect of the USA [salon.com] believes [twitter.com] the anti-vaccination idea, so...soon it will move on from "fear and doubt" into "official policy".
  • Fuckwittage? Anti-Vaxxer references? Hope this guy has a newsletter.

    Well, first off, I'm going to be a little suspicious of experts who find fuckwittage in their dictionary, when a stupid cacahead reference will do. I dunno that taking a temper tantrum reassures me all that much.

    My guideline is that if it is allowed, it is visible to someone who wants to see it badly enough.

  • Can I quote you on that?

    The Guardian has created a big name for itself for the massive scoops it has delivered.

    Sometimes this leads to the unrealistic expectation that the scoops can keep being manufactured at a steady rate. Trying too hard much?

  • First, this is really old news picked up by the Guardian: https://tobi.rocks/2016/04/wha... [tobi.rocks] That's almost a year old! Second, this is not the biggest security issue IMHO: default WhatsApp behaviour is to back up all your messages unencrypted to Google Drive, therefore, if a government wants to read your messages, they'll just ask Google! (the content is inaccessible by you, but not to them! https://developers.google.com/... [google.com] )

