date 2017-01-13
Security Experts Rebut The Guardian's Report That Claimed WhatsApp Has a Backdoor (gizmodo.com)
William Turton, writing for Gizmodo: This morning, the Guardian published a story with an alarming headline: "WhatsApp backdoor allows snooping on encrypted messages." If true, this would have massive implications for the security and privacy of WhatsApp's one-billion-plus users. Fortunately, there's no backdoor in WhatsApp, and according to Alec Muffett, an experienced security researcher who spoke to Gizmodo, the Guardian's story is a "major league fuckwittage." [...] Fredric Jacobs, who was the iOS developer at Open Whisper Systems, the collective that designed and maintains the Signal encryption protocol, and who most recently worked at Apple, said, "Nothing new. Of course, if you don't verify keys Signal/WhatsApp/... can man-in-the-middle your communications." "I characterize the threat posed by such reportage as being fear and uncertainty and doubt on an 'anti-vaccination' scale," Muffett, who previously worked on Facebook's engineering security infrastructure team, told Gizmodo. "It is not a bug, it is working as designed and someone is saying it's a 'flaw' and pretending it is earth shattering when in fact it is ignorable." The supposed "backdoor" the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do. "There's a feature in WhatsApp that -- when you swap phones, get a new phone, factory reset, whatever -- when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone," Muffett told Gizmodo. Other security experts and journalists have also criticized The Guardian's story.
Muffett is saying it's "major league fuckwittage", while acknowledging that the main point is true: Facebook could in fact intercept messages.
Jacobs says "well duh, if you send a message without verifying keys" - and WhatsApp does just that, automatically resends the message before you have a chance to verify the key.
It would be nice if The Guardian produced a list for the average person of the most popular software that has known backdoors like Skype, so people can see how compromised they are under pretext of "tackling terrorism".
Does Skype even count as backdoored? It needs a new term, like glasshoused or NSAware.
IOW assume everything is compromised.
If Alice trusts the provider to tell her that Bob is Bob and Bob trusts the provider to tell him Alice is Alice then it's all too easy for the provider to pretend to be Alice when talking to Bob and pretend to be Bob when talking to Alice.
If you care about provider snooping then you need to use tools where you manage your own keys.
Different problem.
Yes, the provider could initiate a man-in-the-middle attack against all users from the start. However, let us assume that he didn't do that, for various reasons that are for a separate discussion.
In such a scenario, Alice's conversation with Bob is secure. It requires only the initial secure key exchange. Once that is complete, they are fine.
But with the backdoor of silent key-renegotiation, the provider can at any time decide that now they want to eavesdrop into this or that conversation. S
Currently, since July, I am employed by nobody. And loving it.
Previously to that I worked at Facebook, built their Tor onion, and built Facebook Messenger E2E crypto.
So, I'm competent to comment, and beholden to nobody
:-P
a) just check my twitter for proof - and my 4-digit Slashdot ID.
:-)
b) I've built a reputation for 25 years, saying such things. Go dig up my USENET from 1991. Hasn't done me any harm that I care about, and it has done me measurable good when people see me commit to a set of values or a proposition with no "if", "and" or "but".
c) at least I'm funny.
:-)
Why should we believe Facebook won't invest the time in being able to exploit this for eavesdropping? They already lied to regulators about not sharing data between itself and WhatsApp. It sounds extraordinarily naive to think they won't try to use this as a backdoor.
Because there are way better ways to drill holes in E2E than this, when in fact you own the codebase.
Anti-vaccination (Score:2)
Wat? (Score:3)
Well, first off, I'm going to be a little suspicious of experts who find fuckwittage in their dictionary, when a stupid cacahead reference will do. I dunno that taking a temper tantrum reassures me all that much.
My guideline is that if it is allowed, it is visible to someone who wants to see it badly enough.
That's racist. Well no it isn't but language such as that is a sign of upbringing and local colloquial language rather than a sign of intelligence or how much someone knows about a field.
But feel free to bias based on language rather than on fact.
"ignorable" (Score:1)
To use the usual paraphrasing of Mandy Rice Davies' immortal words "well he would say that wouldn't he?"
Exactly. They already lied about data sharing when buying WhatsApp in the first place. So why should anyone believe they wouldn't invest in the effort to exploit this hole? Are people still really so naive?
Exactly. Denying there's a backdoor while acknowledging there is a backdoor, but they *promise* not to use it. Hardly reassuring, and a pretty lousy rebuttal.
Considering how much spin doctoring is going on, the safer bet is that Facebook already is working on or already has completed the work to exploit this for eavesdropping.
"Fuckwittage" (Score:2)
The Guardian has created a big name for itself for the massive scoops it has delivered.
Sometimes this leads to the unrealistic expectation that the scoops can keep being manufactured at a steady rate. Trying too hard much?
Old news... (Score:1)
Sure it's not a backdoor... (Score:1)
"The supposed "backdoor" the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do."
A backdoor that requires Facebook's help to snoop is still a backdoor, is it not?
A backdoor that allows Facebook to snoop means that it's already in full use for datamining and resale for advertisement and well paying government agencies.
If it's no big deal, let me disable it... (Score:1)
If it's no big deal, where's the option to disable this autorenegotiation of keys, assuming that I'm not fussed about whether my messages migrate when I update my handset, but am fussed about Facebook having the technical means to give a copy of my supposedly secure messages to any random phone that their system authenticates?
Speculation is irrelevant (Score:5, Informative)
The WhatsApp client is proprietary and closed source.
It should be assumed to be compromised regardless of what anyone says about it.
EXACTLY. I went into a lot more detail and rambling in my own comment, but you are 100% right.
missing the point (Score:4, Informative)
He is missing the point.
The article is not speaking about an encryption flaw or anything like that, but about a backdoor - a feature that allows Facebook, without any code changes on your device or other intrusion - to eavesdrop on any conversation you are having.
A good encryption would be impenetrable even to the vendor. It should not allow the keys to be changed underneath you. It should not warn you afterwards about this fact, and only if you have a special option enabled, but it should tell you before it does a key change, and require your consent.
Denial of the problem is the first stage (Score:2)
There is a problem in my opinion and denial won't get it fixed. Sure you need to renegotiate keys with a new device but it should not happen automagically without your knowledge. You should have to do it manually and it should not be done for you based on an assumption and all your messages be resent with the new keys.
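The two behaviours argued over in the comments above (re-sending queued messages to a changed key and notifying afterwards, versus holding them until the user accepts the new key) sketched as an added example; this is not WhatsApp's or Signal's code. The `Sender` class, its method names and the byte-string keys are constructed for illustration, and encryption is modelled only as tagging each message with the fingerprint of the key it is released to.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    """Short digest of a public identity key that two users can compare out of band."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class Sender:
    blocking: bool  # True: hold messages until the user accepts a changed key
    trusted: dict = field(default_factory=dict)      # contact -> accepted fingerprint
    undelivered: dict = field(default_factory=dict)  # contact -> queued plaintexts
    notices: list = field(default_factory=list)      # what the user is shown

    def send(self, contact, key, text):
        self.trusted.setdefault(contact, fingerprint(key))  # trust on first use
        self.undelivered.setdefault(contact, []).append(text)

    def on_key_change(self, contact, new_key):
        """Server reports a new key; return [(fingerprint, text)] released to it."""
        fp = fingerprint(new_key)
        if fp == self.trusted.get(contact):
            return []
        if self.blocking:
            self.notices.append(f"{contact}: key changed to {fp}; verify before sending")
            return []
        self.trusted[contact] = fp
        released = self._release(contact, fp)
        self.notices.append(f"{contact}: key changed to {fp}; {len(released)} message(s) already re-sent")
        return released

    def approve(self, contact, new_key, fp_read_out_of_band):
        """User compared fingerprints over another channel; release only on a match."""
        fp = fingerprint(new_key)
        if fp != fp_read_out_of_band:
            return []
        self.trusted[contact] = fp
        return self._release(contact, fp)

    def _release(self, contact, fp):
        return [(fp, text) for text in self.undelivered.pop(contact, [])]

def run(blocking, new_key=b"constructed-key-after-reinstall"):
    """Queue two messages under the original key, then report a key change."""
    s = Sender(blocking)
    s.send("bob", b"constructed-key-original", "msg 1")
    s.send("bob", b"constructed-key-original", "msg 2")
    return s, s.on_key_change("bob", new_key)
```

With `blocking=False` both queued messages are released to the new, unverified key before the notice exists; with `blocking=True` nothing leaves the queue until `approve` is called with a matching fingerprint.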
SubjectsInCommentsAreStupidCauseTheSubjectIsTFA (Score:2)
That's doubleplus bad.
I think we can leave it at that without the drama.
Did WhatsApp go open source yet? (Score:2)
Some disclaimer:
I have moderate IT Security experience. I'm admittedly not the ITSec convention-going type, but I've developed for solid security, done successful penetration testing on people's code and the likes... From the guardian's article, and from my POV, the major issue here is one of wording: a Backdoor is a feature, one intentionally added by developers and hidden from the end user-facing stuff such as UI and (R)TFM. This is definitely not a backdoor - it looks like a flaw, probably associated wit