Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Experts Rebut The Guardian's Report That Claimed WhatsApp Has a Backdoor (gizmodo.com)

Posted by msmash on from the what's-really-happening dept.

William Turton, writing for Gizmodo: This morning, the Guardian published a story with an alarming headline: "WhatsApp backdoor allows snooping on encrypted messages." If true, this would have massive implications for the security and privacy of WhatsApp's one-billion-plus users. Fortunately, there's no backdoor in WhatsApp, and according to Alec Muffett, an experienced security researcher who spoke to Gizmodo, the Guardian's story is a "major league fuckwittage." [...] Fredric Jacobs, who was the iOS developer at Open Whisper Systems, the collective that designed and maintains the Signal encryption protocol, and who most recently worked at Apple, said, "Nothing new. Of course, if you don't verify keys Signal/WhatsApp/... can man-in-the-middle your communications." "I characterize the threat posed by such reportage as being fear and uncertainty and doubt on an 'anti-vaccination' scale," Muffett, who previously worked on Facebook's engineering security infrastructure team, told Gizmodo. "It is not a bug, it is working as designed and someone is saying it's a 'flaw' and pretending it is earth shattering when in fact it is ignorable." The supposed "backdoor" the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do. "There's a feature in WhatsApp that -- when you swap phones, get a new phone, factory reset, whatever -- when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone," Muffett told Gizmodo. Other security experts and journalists have also criticized The Guardian's story.

114 comments

  1. is not by Anonymous Coward · · Score: 0

    Retransmission with unverified key is a programming error.

    1. Re: is not by Anonymous Coward · · Score: 0

      Yeah, I wouldn't trust stories with assertions like these coming from Slashdot new management. This assertion in the story is obviously wrong.

  2. Compromise by Wowsers · · Score: 2

    It would be nice if The Guardian produced a list for the average person of the most popular software that has known backdoors like Skype, so people can see how compromised they are under pretext of "tackling terrorism".

    --
    Take Nobody's Word For It.
    1. Re:Compromise by Anonymous Coward · · Score: 2, Insightful

      Does Skype even count as backdoored? It needs a new term, like glasshoused or NSAware.

    2. Re:Compromise by Anonymous Coward · · Score: 0

      That's an easy list to compile.

      If you can't see the source, assume it is compromised. Everything else is pending analysis.

    3. Re:Compromise by petermgreen · · Score: 1

      If alice trusts the provider to tell her that bob is bob and bob trusts the provider to tell him alice is alice then it's all too easy for the provider to pretend to be alice when talking to bob and pretend to be bob when talking to alice.

      If you care about provider snooping then you need to use tools where you manage your own keys.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    4. Re:Compromise by Megol · · Score: 1

      IOW assume everything is compromised.

    5. Re:Compromise by Tom · · Score: 4, Informative

      Different problem.

      Yes, the provider could initiate a man-in-the-middle attack against all users from the start. However, let us assume that he didn't do that, for various reasons that are for a seperate discussion.

      In such a scenario, Alice conversation with Bob is secure. It requires only the initial secure key exchange. Once that is complete, they are fine.

      But with the backdoor of silent key-renegotiation, the provider can at any time decide that now they want to eavesdrop into this or that conversation. Say, because a government agency asked them nicely, or a FB employee looked up that woman he met last night in the database and found her WhatsApp number...

      It is a different scenario with different ramifications.

      --
      Assorted stuff I do sometimes: Lemuria.org
    6. Re:Compromise by alecm · · Score: 1

      >"provider can at any time decide that now they want to eavesdrop into this or that conversation"

      and having hijacked one message in this scenario, what happens to the rest of the conversation? what happens to that message, too?

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    7. Re:Compromise by Anonymous Coward · · Score: 0

      lol, like reviewing the source is going to do anything for you, most of the key vulnerabilities are in the environment that you are depending on like key infrastructure

    8. Re:Compromise by Anonymous Coward · · Score: 0

      Any public key infrastructure is exposed to this, that is why some organizations maintain their own keys

    9. Re:Compromise by stooo · · Score: 2

      Not necessarily. If the endpoint is shown to be secure, and the keys are generated by the endpoint, and that the endpoint warns you when keys are changed, then all the MITM man can do undetected is to delete messages.
      The MITM Man in this case is Watsapp, and the US Gov.

      --
      aaaaaaa
    10. Re:Compromise by stooo · · Score: 1

      if the provides manages the keys, you're toast.
      So never never use watsapp.

      --
      aaaaaaa
    11. Re:Compromise by stooo · · Score: 1

      the difference here is that wats'app is implementing the end user software, and automatically accepts new certificates on behalf of the user.
      Like when you accept broken certificates in your browser, except in this case the browser accepts it for you.#
      That's the definition of a backdoor.

      --
      aaaaaaa
    12. Re:Compromise by allo · · Score: 1

      Good i am having a webcam.

    13. Re:Compromise by Tom · · Score: 1

      That is what I was saying just without any of the technical details.

      In a good system, the provider would not manage the keys. He would only provide the means for the initial key exchange (if for whatever reason he decides to not use DH).

      --
      Assorted stuff I do sometimes: Lemuria.org
  3. Of course it has by Anonymous Coward · · Score: 0

    its name is "Facebook."

    meh

  4. And Muffet is employed by? by Anonymous Coward · · Score: 0

    Did no one think to ask?

    1. Re:And Muffet is employed by? by alecm · · Score: 5, Informative

      Currently, since July, I am employed by nobody. And loving it.

      Previously to that I worked at Facebook, built their Tor onion, and build Facebook Messenger E2E crypto.

      So, I'm competent to comment, and beholden to nobody :-P

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    2. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      (For the purposes of this discussion, I'm going to assume that you actually are Alec. Ideally I would have liked to be able to verify it through an in-person PGP/GPG key exchange and ID examination, along with signed or encrypted messages here at Slashdot, but due to various limitations we'll have to just assume that you're Alec for now.)

      Do you realize how silly-sounding the use of terminology like “major league fuckwittage” makes you come off as?

      It's hard to take somebody seriously, even if they have relevant knowledge, experience and expertise, when they apparently use "words" (I use that term very reluctantly, because the terminology we're discussing here isn't actually a word) like "fuckwittage".

    3. Re:And Muffet is employed by? by Desler · · Score: 1

      Why should we believe Facebook won't invest the time in being able to exploit this for eavesdropping? They already lied to regulators about not sharing data between itself and WhatsApp. It sounds extraordinarily naive to think they won't try that use this as a backdoor.

    4. Re: And Muffet is employed by? by Anonymous Coward · · Score: 0

      Provide your keys liar!!!

    5. Re:And Muffet is employed by? by alecm · · Score: 2

      Because there are way better ways to drill holes in E2E than this, when in fact you own the codebase.

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    6. Re:And Muffet is employed by? by alecm · · Score: 5, Informative

      a) just check my twitter for proof - and my 4-digit Slashdot ID. :-)

      b) i've built a reputation for 25 years, saying such things. Go dig up my USENET from 1991. Hasn't done me any harm that I care about, and it has done me measurable good when people see me commit to a set of values or a proposition with no "if", "and" or "but".

      c) at least I'm funny. :-)

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    7. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      Because there are way better ways to drill holes in E2E than this, when in fact you own the codebase.

      Right. But that doesn't mean that they are not doing that either. The news is that they can intercept messages. Via this (clunky, hard to do, unlikely) technique or via an easier one, by modifying the code. They can do it, and therefore they are probably doing it. The actual method is irrelevant. One could actually argue that is nothing with this method (since its so hard to do) and save face (PR stunt), while it would be harder to defend yourself if word gets out that you modified the codebase with the explicit purpose of intercepting messages.

    8. Re:And Muffet is employed by? by Desler · · Score: 1

      There probably are. Either way, if they really wanted to shutdown this backdoor talk they should change this behavior. Otherwise the only thing we have to go by is a non-binding "promise" from a known liar.

    9. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      Because there are way better ways to drill holes in E2E than this, when in fact you own the codebase.

      Not convincing. In the post-PRISM world there is fuck all reason to believe the word of any corporation claiming not to be trying to spy on you. This really might ve all overblown, but even the slightest appearance of impropriety should be taken as a serious threat.

      I'd bet money that you'd have claimed PRISM was too complex of a system to exist and yet it did anyway.

    10. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      FB's got Tor Onion? Interesting...

    11. Re:And Muffet is employed by? by alecm · · Score: 1

      > by modifying the code

      This is news?

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    12. Re:And Muffet is employed by? by alecm · · Score: 1

      >Not convincing

      I'd love you to explain to me an even more plausible way to implement a backdoor than "write one, properly."

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    13. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      Posting as AC to not undo my moderation, but I really have to say that the headline, while sensationalized, does appear to be true. It looks as if Facebook could, under a warrant or just because, get any or all messages in a conversation retransmitted with a new, know, key.

      Am I reading that wrong?

      --
      From the journalist:
      "The supposed “backdoor” the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone’s encrypted messages, something the company is extremely unlikely to do. "
      From you:
      “There’s a feature in WhatsApp that—when you swap phones, get a new phone, factory reset, whatever—when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone,"

      Here's copy from whatsapp.com:

      "Some of your most personal moments are shared on WhatsApp, which is why we built end-to-end encryption into the latest versions of our app. When end-to-end encrypted, your messages and calls are secured so only you and the person you're communicating with can read or listen to them, and nobody in between, not even WhatsApp. "

      If Facebook can read the messages by demanding that they be retransmitted in a fashion readable to an attacker, then how would you evaluate this statement about how "nobody in between" can read them? Note that the claim on the website is that "not even WhatsApp" can read them. It doesn't say "only you, the person you're communicating with, and any designated third parties can read them", which appears to be the case.

      This problem looks like it is caused by simplifying the encryption interface enough to be reliable and user friendly, but you can certainly see how, in an era where we know without ANY doubt that privacy is being attacked by well funded agencies around the world, it would look super fucking bad, and require a software fix, not a defensive deflection.

    14. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      You must be one of the few people in the world to work for a corporation that only writes perfect software. Complex, over-engineered software is the norm not a rarity as you seem to imply.

    15. Re:And Muffet is employed by? by Desler · · Score: 1

      So your comeback is that corporations would only write super-secure backdoors? That's a joke, right?

    16. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      You worked at Facebook doing crypto stuff for them, you obviously have ties to the company or else you can sell their security info to 3rd parties. So I'm going to assume you're lying when you say that there is no backdoor.

    17. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      Alec (or pretend alec), you're trying to defend a property of software that could be used as a back door by saying "but it's not meant to be a back door, it's meant to be a feature". Then by also adding on that "it would be easier to do it other ways".

      Neither of those matter. It IS a back door today. If something happened right this minute and code could no longer change then this would still be a back door that could be exploited. Clunky or not. The only fuckwittage involved here to try to claim otherwise.

    18. Re:And Muffet is employed by? by alecm · · Score: 2

      1) Really, dude, go read my Twitter. I'll post this there.

      2) It's not a backdoor. It has an off-switch. It would be a pain to exploit. It would be ugly, obvious and risky to exploit. If such snooping was sought, it would be done better..

      https://twitter.com/AlecMuffet...

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    19. Re:And Muffet is employed by? by alecm · · Score: 2

      My comeback is that corporations which are held to be super-smart-and-sneaky one moment should not be assumed to be bone stupid the next.

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    20. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      Funny things are supposed to make you laugh.

    21. Re:And Muffet is employed by? by fche · · Score: 2

      "2) It's not a backdoor."

      If facebook received an NSL or warrant, it could trivially trigger this "ugly, obvious, risky" mechanism and read "secure" traffic, with little if any visible sign at the sender / recipient.

      It is a backdoor accessible to facebook or people who control it. That's bad enough.

    22. Re:And Muffet is employed by? by alecm · · Score: 2

      >If facebook received an NSL or warrant, it could trivially trigger this "ugly, obvious, risky" mechanism and read "secure" traffic, with little if any visible sign at the sender / recipient.

      (cough/) how about bunches of messages randomly going missing?

      kindly go read this: https://whispersystems.org/blo...

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    23. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      So, looking for employment right now? Hmmm.

    24. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      "If facebook received an NSL or warrant"
      Then Facebook would need to honor the request. NSL's have been around since1978. Warrants have been around a lot longer. Warrants issued by the court can be challenged by any defense council but NSLs do not require prior approval from the court. However, a NSL can be challenged as it relates to the nondisclosure order in federal court. And there is something that people constantly over look. Any evidence collected via a NSL or FISA warrant can not be used in court. A FISA warrant allows the government to collect enough evidence to petition the court for a normal warrant. A FISA warrant is also only valid if the investigation involves a non-US person is under investigation. To many people are basically fighting to take away the tools needed to provide a level of national security. The bottom line is that there are valid national security threats. There needs to be something in place to counter these threats.

    25. Re:And Muffet is employed by? by wiretrip · · Score: 1

      So you built a Tor Onion for a site that requires a login?? Isn't that kind of a major oxymoron?

    26. Re:And Muffet is employed by? by Anonymous Coward · · Score: 0

      Change your name to Muppet. From these few minutes of reading, that's how you appear.

  5. Anti-vaccination by l0n3s0m3phr34k · · Score: 1

    Well, apparently the President Elect of the USA believes the anti-vaccination idea, so...soon it will move on from "fear and doubt" into "official policy".

  6. Wat? by Ol+Olsoc · · Score: 3, Insightful
    Fuckwittage? Anti-Vaxxer references? Hope this guy has a newsletter.

    Well, first off, I'm going to be a little suspicious of experts who find fuckwittage in their dictionary, when a stupid cacahead reference will do. I dunno that taking a temper tantrum reassures me all that much.

    My guideline is that if it is allowed, it is visible to someone who wants to see it badly enough.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    1. Re:Wat? by thegarbz · · Score: 1

      That's racist. Well no it isn't but language such as that is a sign of upbringing and local colloquial language rather than a sign of intelligence or how much someone knows about a field.

      But feel free to bias based on language rather than on fact.

    2. Re:Wat? by Ol+Olsoc · · Score: 1

      That's racist.

      Ah, a term used so much it is like saying "Scotch tape" or Xerox copy.

      Well no it isn't but language such as that is a sign of upbringing and local colloquial language rather than a sign of intelligence or how much someone knows about a field.

      But feel free to bias based on language rather than on fact.

      Aren't you doing the exact same thing as you accuse me of doing? And facts are good, and highly indicated in this discussion. I approve. But "Fuckwittery" is rather difficualt to prove as a fact. "fuckwittery" tells us about the person claiming it though.

      Now I don't know about you, but if I'm trying to convince people that something is safe when someone else says it isn't, I'll probably use explanatory terms, and not call those folks who said it wasn't safe "fuckwits". We all in our careers and elsewhere get questioned on our veracity occasionally. I just had that happen in the case of a competitive event I administer. My response? Exceptional pleasantness, and so much referencable, provable, and 100 percent correct data that my accuser eventually says, "No more - Please! I was wrong."

      Me calling him a fuckwit? Yes the guy was indeed being one - not only doesn't make my case, but having much experience with humans, name calling is usually the sign of a bully, or someone who even has something to hide, so they try the intimidation route. Red flags go up and alarm bells go off. And me calling him gains sympathy for the accuser. In the meantime, after I proved with no questionable he no longer doubts my veracity, and knows what will happen if he were ever to question it again. Which is all to say that he won't ever question my honesty. And all of the folks sitting on the sidelines see it as well.

      A lot of us swear. I do, I have no doubt that you do. But I know when a little spice is needed, and when to use the big words, and when to drop the big words and tame the shop talk down a little. Profanity is for sitting around the bar, telling jokes, and so seldom in intelligent discourse, that it's use is contraindicated almost always.

      But then again, I'm probably a fuckwit, amiright?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  7. "ignorable" by PoopJuggler · · Score: 1

    All those "ignorable" things are the reason why security eventually fails.

  8. So it _is_ a backdoor by Anonymous Coward · · Score: 1

    The supposed "backdoor" the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do

    That sounds like a back door to me. Who trusts facebook anyway?

    1. Re:So it _is_ a backdoor by andrewbaldwin · · Score: 1

      To use the usual paraphrasing of Mandy Rice Davies' immortal words "well he would say that wouldn't he?"

    2. Re:So it _is_ a backdoor by Desler · · Score: 1

      Exactly. They already lied about data sharing when buying WhatsApp in the first place. So why should anyone believe they wouldn't invest in the effort to exploit this hole. Are people still really so naive.?

    3. Re:So it _is_ a backdoor by fustakrakich · · Score: 2

      Exactly. Denying there's a backdoor while acknowledging there is a backdoor, but they *promise* not to use it.. Hardly reassuring, and a pretty lousy rebuttal.

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:So it _is_ a backdoor by Desler · · Score: 1

      Considering how much spin doctoring is going on, the safer bet is that Facebook already is working on or already has completed the work to exploit this for eavesdropping.

    5. Re:So it _is_ a backdoor by alecm · · Score: 1

      >"So why should anyone believe they wouldn't invest in the effort to exploit this hole"

      Because it would be cheaper and far more secure, convenient an scalable to build a _real_ back door.

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    6. Re:So it _is_ a backdoor by Desler · · Score: 1

      So then change this behavior and silence all the backdoor claims. That would seem to be less effort than all this spin doctoring and PR damage control. Sorry, the "promise" of a liar holds no merit.

    7. Re:So it _is_ a backdoor by alecm · · Score: 1

      Oh, prove a negative, you mean?

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    8. Re: So it _is_ a backdoor by Anonymous Coward · · Score: 0

      Sorry buddy, between you and the Guardian, we know who to trust if we haven't looked closely at it yet. It's not you. Further, you don't inspire confidence in your logic.

    9. Re:So it _is_ a backdoor by Desler · · Score: 1

      No, not at all. Fixing this specific behavior would be trivial to do. The fact that it's not being done so and you and others are trying to tell us to ignore it just trust that a data-mining company with a history of lying is absurd.

    10. Re: So it _is_ a backdoor by Desler · · Score: 1

      But Facebook is an honest company with no history of lying about things. It's not like their business is in data mining or anything. Also, they have no history of being a part of the government's mass surveillance apparatus. /s

    11. Re: So it _is_ a backdoor by Anonymous Coward · · Score: 0

      They're not going to fix it because they might need it for a backdoor. Honestly, someone has to be mildly retarded to use whatsapp for communication. You are at the mercy of one lousy company known to work closely with the government and lie like a rug.
      You need to use something like email that is not dependant on one provider.

  9. "Fuckwittage" by rmdingler · · Score: 1
    Can I quote you on that?

    The Guardian has created a big name for itself for the massive scoops it has delivered.

    Sometimes this leads to the unrealistic expectation that the scoops can keep being manufactured at a steady rate. Trying too hard much?

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:"Fuckwittage" by Anonymous Coward · · Score: 0

      I take it you have not been following it lately. Ever since the smashed laptop incident it has become nothing more than a government mouthpiece.

  10. Teh Grauniad by Anonymous Coward · · Score: 0

    It seems to be following the Independent's lead and becoming a clickbait factory.

  11. Yeah both agree on the main points, actually by raymorris · · Score: 5, Insightful

    Muffet is saying it's "major league fuckwittage", while acknowledging that the main point is true: Facebook could in fact intercept messages.

    Jacobs says "well duh, if you send a message without verifying keys" - and Whatsapp does just that, automatically resends the message before you have a chance to verify the key.

    1. Re:Yeah both agree on the main points, actually by Anonymous Coward · · Score: 0

      Sounds like a government press release. "Just trust us, we wouldn't do that...."

      "Significant collaboration required" -> "A day or two of coding and we could make a checkbox for whoever wants to intercept"
      "extremely unlikely" -> "technically true, we only do it on a very small percentage of our users... "

    2. Re:Yeah both agree on the main points, actually by Anonymous Coward · · Score: 0

      "However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered."

      Oh FFS. Revoke of key is an attack, expiring a key is an attack. It annuls TIME, if the key must be the same as it was in the past, then nobody can travel back in time and change the original, so it secures the key because it must be the same. Expiring the key at a known time is a security hole. Letting a force of key change happen is a security hole. Even if it was verified, if you control the verification mechanism (like Symantec/BlueCoat and TLS) then you've backdoor it.

      At these backdoors you put in for people like the NSA, aka 'the good guys', they're about to be turned on you.

      Trump has access to a whole office outside US law, the Russian FSB. So whatever you Republicans think about how they're going to control Trump with laws, misses the point. His friends don't operate within US law, and he can block any action against Russia. His National Security Advisor, Flynn, was chosen in August by Putin, not in November by Trump. The intelligence memo shows this. They show he's a traitor. And those lists of CIA agents in Russia, and backdoor second keys (like the second key in Dual EC random number generator), Trump men will have direct access to these, and can hand them using the very same backchannels to FSB, that the memo points to.

      You put backdoors in and they turn on you.

    3. Re:Yeah both agree on the main points, actually by Anonymous Coward · · Score: 0

      When intercepting communications, the first rule is to convince the target that the communications are secure

    4. Re:Yeah both agree on the main points, actually by Anonymous Coward · · Score: 0

      Friends keep me harassing me to get this app. I keep saying it is not secure enough and that I want them to install Signal instead. What if I post a warning on my Facebook profile for friends to see fro themselves? Any chance that FB allows it to appear on someone's feed?

    5. Re:Yeah both agree on the main points, actually by Zeklandia · · Score: 1

      Some security expert!

  12. Old news... by kaboojan · · Score: 2

    First, this is really old news picked up by the Guardian: https://tobi.rocks/2016/04/wha... That's almost a year old! Second, this is not the biggest security issue IMHO: default WhatsApp behaviour is to backup all your messages unencrypted to Google Drive, therefore, if a government wants to read your messages, they'll just ask Google! (the content is inaccessible by you, but not to them! https://developers.google.com/... )

  13. it would require significant collaboration with... by Anonymous Coward · · Score: 0

    it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do.

    Why does /. allow ridiculous PR articles?

  14. Sure it's not a backdoor... by WerewolfOfVulcan · · Score: 1

    "The supposed "backdoor" the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do."

    A backdoor that requires Facebook's help to snoop is still a backdoor, is it not?

    1. Re:Sure it's not a backdoor... by durrr · · Score: 0

      A backdoor that allows facebook to snoop means that it's already in full use for datamining and resale for advertisement and well paying government agencies.

    2. Re:Sure it's not a backdoor... by Anonymous Coward · · Score: 0

      Facebook is the ideal platform for intel orgs. I don't think it is reasonable to assume that they don't have as many of their own people inside Facebook as they possibly can.

    3. Re:Sure it's not a backdoor... by Anonymous Coward · · Score: 0

      Why would intelligence agencies want to wade through all the inconsequential and meaningless bullshit posted via Facebook or any other social media platform? Do all the people raving about their privacy being violated actually believe they have anything to say that anyone, including the government intelligence agencies, actually care about? If you want to stop worrying about your sacred privacy you are totally free to engineer, build, and implement your super secure digital communication infrastructure, stop posting your life story in all it's boring detail on a social media site, and if you happen to be plotting the over throw of the government do not go fishing for accomplices using Twitter. If you want to complain about the nefarious efforts of a government intelligence agency please look into the real programs in use instead of just throwing around buzzwords like OMG Prism has been unleashed. Look into how an intelligence agency might use meta-call data collected by a carrier to investigate and possibly track down the next asshat looking to blowup or randomly run over a group of pedestrians. A single phone number can be used to uncover the call chain of any suspected individual but the key is that it takes a suspect and one number to start the process. The government is not collecting and analyzing call data in real time looking for potential criminals. Even the sacred Snowden document repeatedly mention the fact that bulk data collection, be it call data or internet traffic is costly, technically impractical, and basically useless in intercepting or identifying any future threats. And personally I would like to see every single government provided security related to terrorism stopped. I want to see how many airplanes get blown up or mass terrorist attacks organized openly in social media or even in secret happen. I never want to have to remove my shows again before getting on an airplane. Today's generation needs to be reminded of what the real world looks like without any government protections and then come up with their own plan to protect their worthless lives and those of their children. I imagine they will require more than pithy sloganeering and online outrages to set things back to normal.

    4. Re:Sure it's not a backdoor... by Anonymous Coward · · Score: 0

      > ? Do all the people raving about their privacy being violated actually believe they have anything to say that anyone, including the government intelligence agencies, actually care about?

      ABSOLUTELY

      Facebook maps out human interactions in immense detail. Just the metadata can predict who is likely to hold contrary views.

  15. If it's no big deal, let me disable it... by Anonymous Coward · · Score: 1

    If it's no big deal, where's the option to disable this autorenegotiation of keys, assuming that I'm not fussed about whether my messages migrate when I update my handset, but am fussed about Facebook having the technical means to give a copy of my supposedly secure messages to any random phone that their system authenticates?

    1. Re: If it's no big deal, let me disable it... by Anonymous Coward · · Score: 0

      There's no "renegotiation." Instead, the untrusted new key is used first, without user action. The user is notified only after the fact.

      Renegotiation implies exchanging key using a known secure channel.

  16. Speculation is irrelevant by nightfire-unique · · Score: 5, Insightful

    The Whatsapp client is proprietary and closed source.

    It should be assumed to be compromised regardless of what anyone says about it.

    --
    A government is a body of people notably ungoverned - AC
    1. Re:Speculation is irrelevant by cloud.pt · · Score: 1

      EXACTLY. I went into a lot more detail and rambling in my own comment, but you are 100% right.

    2. Re:Speculation is irrelevant by thegarbz · · Score: 0

      The Whatsapp client is proprietary and closed source.

      It should be assumed to be compromised regardless of what anyone says about it.

      We would but our tinfoil hats fell off.

  17. missing the point by Tom · · Score: 4, Informative

    He is missing the point.

    The article is not speaking about an encryption flaw or anything like that, but about a backdoor - a feature that allows Facebook, without any code changes on your device or other intrusion - to eavesdrop on any conversation you are having.

    A good encryption would be impenetrable even to the vendor. It should not allow the keys to be changed underneath you. It should not warn you afterwards about this fact, and only if you have a special option enabled, but it should tell you before it does a key change, and require your consent.

    --
    Assorted stuff I do sometimes: Lemuria.org
  18. Denial of the problem is the first stage by ControlsGeek · · Score: 1

    There is a problem in my opinion and denial won't get it fixed. Sure you need to renegotiate keys with a new device but it should not happen automagically without your knowledge. You should have to do it manually and it should not be done for you based on an assumption and all your messages be resent with the new keys.

  19. SubjectsInCommentsAreStupidCauseTheSubjectIsTFA by lesincompetent · · Score: 1

    Whatsapp's defaults do not prevent MiTM and do not even warn you something's afoot.
    That's doubleplus bad.
    I think we can leave it at that without the drama.

    1. Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA by lesincompetent · · Score: 1

      Wrongly worded: nothing *prevents* MiTM. The problem is the missing warning by default and a fail-safe.

  20. let me fix that for you..So it _is_ a backdoor by Anonymous Coward · · Score: 0

    " and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do"

    Let me fix that for you:
      and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is guaranteed to do for their NSA partners.

  21. The question is by Anonymous Coward · · Score: 0

    how do we know that Facebook does not collaborate with the intelligence agencies, under an NDA? It's an American company after all, and they have to do what their government tells them to, including lying and denying.

  22. Did Whatsapp go open source yet? by cloud.pt · · Score: 4, Insightful

    Some disclaimer:
    I have moderate IT Security experience. I'm admittedly not the ITSec convention-going type, but I've developed for solid security, done successful penetration testing on people's code and the likes... From the guardian's article, and from my POV, the major issue here is one of wording: a Backdoor is a feature, one intentionally added by developers and hidden from the end user-facing stuff such as UI and (R)TFM. This is definitely not a backdoor - it looks like a flaw, probably associated with different use cases of whatsapp vs the original API, considering it happens on verbose conditions, and it surely seems tricky to replicate without very explicit user behavior. Apparently even a change in defaults by whatsapp can solve this.

    Now for the real issue:
    How can anyone even start arguing about an article's guilt on this or Whatsapp intentions without tackling the subject that: every closed source app claiming privacy (such as whatsapp), however you paint it, can never do so as guaranteed without being open source. There is one way, and one way only, that privacy can be achieved without having to trust on privacy policies, disclosures, public legal action or even secretive court orders and it is to open source the damn thing and providing a way of building that outputs the same without the branding (think Chromium or the Mozilla suite in Debian).

    Here's the deal: Whatsapp states it uses the Whisper API but they might as well not use it. Whisper and Signal might state they collaborate and trusts they do use it, but who is to say they aren't being paid for this, lying or even chain-trusting blindly in Whatsapp statements of use? Oh wait, so there's a legal binding document saying Whatsapp actually does this... BIG DEAL. There are also constitutions being RAPED EVERY DAY by US, Chinese, Russian, (every country?) security services.

    Snowden advises on using Signal for two essential reasons that cannot be taken apart:
    1. he has access to the shyt going on inside and...
    2. he actually understands that shyt.

    Number one is the big deal here, and number 2 is the reason he publicly admits his support for Signal - people trust his technical judgement. Granted, no.1 won't make much sense to 99% of the world at which point you have to start trusting on someone's technical ability, reputation and honor, and for fuck sake Whatsapp is a commercial application based in the US - they HAVE to lie about such things, they don't even get a choice. Just having no.1 is like placing your neck under the sword of the entire world community. It's a lot better than a feature list, and advert, a legal document, someone's word. it's everybody's word.

    This is no conspiration theory, but logic beats trust, and most here, as engineers should be very aware of that. Even the trust in one's own actions isn't fallible - some people lie to themselves, some people don't know better than to believe they have failed at something and will trust blindly on their own ability. But sooner or later everybody finds out we are only as perfects as what we are made of. SHOW ME WHAT YOUR APP IS MADE OF and you will have the right for my complete blind trust (because it just isn't blind anymore). It can even be coded in esperanto (intentional bullshit here). It's the only way it is honestly submitted for scrutiny of your own statements of privacy and security.

    1. Re:Did Whatsapp go open source yet? by rmsilva123 · · Score: 1

      This. The reason WhatsApp implemented end-to-end encryption is just to stop judges from asking for "message logs". It is a PR move where they can (eventually) establish that they cannot read the messages themselves (even if they can). This "backdoor" is a non-issue: If you trust WhatsApp's word that the app is actually "secure" and keys are only known to the devices, then you can simply always check the fingerprints to be sure that no spurious "key regeneration" has happened (or change the appropriate setting). To the extent that they trust WhatsApp, Alice and Bob can have secure communications by verifying their keys. Given Snowden's revelations, if you really need to be sure that you communication is secure against the NSA and other three-letter agencies, then you need to switch to an open source app such as Signal AND always check/verify the keys.

  23. How's that different from open source software? by Anonymous Coward · · Score: 0

    So how is that any different from open source software?

    If you're downloading a precompiled binary, regardless of platform and regardless of distribution method, it could have been compromised knowingly or unknowingly (if the compiler is compromised, for example) by whoever is generating and providing the binary. The code that was compiled may not be the same as the open source code. Or perhaps the code is the same, but a compromised compiler emits a compromised binary.

    You're not necessarily safe even if you compile it yourself. Even if the source code is available to you, have you actually performed a thorough security audit of the code in question, along with every single line of code it directly or indirectly depends on (this would include all libraries, and even the OS kernel)? Probably not.

    Then there's the whole issue of your compiler/interpreter/VM potentially being compromised without your knowledge. It doesn't matter how thorough your code review is if your compiler/interpreter/VM can insert malicious code without your knowledge.

    Open source software might actually be worse, in that it can give a false sense of security. The OpenSSL library is a great example of how things can go wrong. People thought that there were "millions of eyeballs" checking it for flaws, yet it turns out that almost nobody was. Many serious flaws were introduced, they went unnoticed by good actors, and then they were ripe for exploitation by bad characters.

    Should we trust proprietary, closed source software? Probably not. But we shouldn't think that open source software is necessarily any better. It isn't, and as we've seen, it may actually be more misleading than closed source software is.

    1. Re:How's that different from open source software? by nightfire-unique · · Score: 1

      Open source is always better than closed source.

      I mean, it's not even worth arguing. You have one more vector of insight into what's happening.

      Compiled binaries can be corrupted, and you can end up with a compromised compiler, kernel, or even, theoretically, hardware.

      Nevertheless, open source software is always more trustworthy (assuming equal stated functionality, of course).

      Proprietary, closed source: score zero. You have literally no idea, and no way of investigating. You operate on total faith.

      Open source software: score not-zero. You have a chance at achieving security. You operate on as much faith as you feel comfortable with.

      --
      A government is a body of people notably ungoverned - AC
    2. Re:How's that different from open source software? by Khashishi · · Score: 1

      Well, if it's open source, it's likely that someone else has done an audit of the code, and even if I haven't looked at each line of code, someone else probably has (if it's popular enough). While it's possible to hide a loophole in popular compilers, I think this is hard to pull off. The government has a lot of resources, but it's also big, slow, and leaky, so I don't think it could pull off a sophisticated compiler loophole without people noticing.

      On the other hand, an Windows operating system backdoor is a lot easier to pull off, since it's closed source and controlled by one company. The NSA could put hacks in Windows to capture message buffers from popular messengers, bypassing the whole encryption.

    3. Re:How's that different from open source software? by Victor_0x53h · · Score: 1

      The difference is that we have the opportunity to review free/open software to verify its functionality and that it is working only in our interests.

      Should we trust open software? No, but we don't have to trust it. We can verify for ourselves, or pay someone qualified to do it.

      Should we trust closed software? Probably not, but what choice do we have.

  24. Not very smart by Khyber · · Score: 0

    And this was a program championed by a supposedly smart security researcher - Moxie.

    Good thing I don't trust people who say "You should trust this encryption!" because they've all been proven wrong historically.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  25. Alec Muffett is an idiot by Anonymous Coward · · Score: 0

    Alec has completely misunderstood this and criticised another researcher unjustifiably. The point of the article was that whatsapp could renegotiate keys and most users would never know; and secondly, that for those who turn the feature on, they will be notified AFTER the message is sent not beforehand.

    1. Re:Alec Muffett is an idiot by alecm · · Score: 1

      I've criticised a Guardian article, entirely justifiably. As for the underlying issue, it's a design consideration for usability. I actually don't like it, but I respect the choice.

      --
      perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$ c)=getpwent'
    2. Re:Alec Muffett is an idiot by Anonymous Coward · · Score: 0

      Alec, I know that you know what you're talking about, and I agree that there are some potential merits to this. But if you want fuckwittage, look at TFA:

      If the Guardian's story and accompanying headline were true, it would mean that someone had cracked what is universally considered to be the best publicly available encryption scheme.

      Complete and utter bullshit; nobody is talking about a compromise of the Signal protocol, let alone the underlying encryption algorithms.

      Rest easy, WhatsApp users. There isn't a backdoor

      The person who wrote this clearly does not understand what a backdoor is. This is a textbook case.

  26. Idiot by Anonymous Coward · · Score: 0

    The supposed "backdoor" the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do

    Ah yes, the old, "security through trusting giant megacorp not to mine your data." With a proper 256-bit encryption, and a botnet of a billion machines capable of each trying 1 billion keys per second the probability of cracking my message this year would be about 0.00000000000000000000000000000000000000000000000000003. Is Jacobs suggesting the probability of Facebook or a foreign government using this flaw to intercept encrypted messages is smaller than that?

  27. A data mining company is unlikely to share info? by Anonymous Coward · · Score: 0

    "...and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do."

    Exactly. No data mining company would ever do that and you should, of course, trust them.

    Same old silicon valley crack smoking pipe dreams...

  28. It's basic encryption by Bigjeff5 · · Score: 3, Informative

    If you don't trust WhatsApp to faithfully regenerate encryption keys, why the hell did you trust them to generate the initial keys in the first place? They could have just given Facebook a key then and let them listen in to your messages at any time. ANY messaging app, no matter how secure, can do this.

    This is not a backdoor, it's an inherent vulnerability in all encryption systems. If you don't trust one end of the encryption, it doesn't matter if the keys are only generated once or if they're generated over and over, or if you're notified when they're regenerated or if they just regenerate them on the fly. At any point, an untrustworthy server can simply make a valid key for a third party, and your encryption is compromised.

    This is a non-story. You know what 99% of people do in Signal when they get a notification that their encryption key has changed? They hit OK and re-send the message, just like WhatsApp does by default.

    It's just like EULA's, nobody pays attention to those damn thigns. WhatsApp just skips the step of asking you to verify the encryption change unless you go into the settings and explicitly tell it to notify you. For most people, that's exactly the appropriate behavior.

    --
    Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    1. Re:It's basic encryption by Anonymous Coward · · Score: 0

      Duh Then why do 99% of them use encryption in the first place? It's a waste of time just send plaintext.

    2. Re:It's basic encryption by Anonymous Coward · · Score: 0

      WhatsApp just skips the step of asking you to verify the encryption change unless you go into the settings and explicitly tell it to notify you.

      The problem is that it notifies you AFTER the message has already been sent. Better than nothing, I guess, but not good enough.

    3. Re:It's basic encryption by Anonymous Coward · · Score: 0

      If you don't trust WhatsApp to faithfully regenerate encryption keys, why the hell did you trust them to generate the initial keys in the first place?

      Well, I don't. I also don't use WhatsApp so I don't know all the details.

      But (assuming you're the sort of person who trusts proprietary software to begin with) it's not unreasonable: there's an enormous difference between

      (a) trusting that the developers have not, in the past, deliberately compromised the program you downloaded, thus compromising every user at once, and risking their subterfuge being discovered, versus

      (b) trusting that the system administrators will never, in the future, be subject to government pressure, or corporate policy changes, or have their systems broken into, and thus, willingly or not, permit someone to quietly snoop on individual users of interest.

  29. THIS.. and... by gosand · · Score: 2

    it's owned by Facebook.

    --

    My beliefs do not require that you agree with them.

  30. Whatsapp is Subject to Legal Intercept by Anonymous Coward · · Score: 0

    Just like every single other corporate service in the world.

    If you sell a product you have to follow the law and the law says that law enforcement can read and listen to whatever they want.

    It is really simple. Every corporate product is subject to legal intercept and anyone saying otherwise is a liar.

  31. Backdoor is working as intended. by stooo · · Score: 2

    >> It is not a bug, it is working as designed ...

    Backdoor is working as intended. Nothing to see here. Move on. Yeah right.

    He is talking about a legitimate feature in the protocol that has a reason to be here but is turned into a genuine backdoor by the Watsapp application because watsapp does not let the user confirm new keys.

    --
    aaaaaaa
  32. NSA by Anonymous Coward · · Score: 0

    And now we can add more names to the list of "paid off by the NSA".

  33. It is downgrading the security by allo · · Score: 1

    It is downgrading the security. Normally, an attacker would need to steal your key or the receiving end (you and the other person in turns) will get "wrong key, somebody is doing something BAD" warnings.

    Whatsapp doesn't do this. Whatsapp displays a message "the remote end has changed its security number[sic!]". But only if you activated it in the settings. Else you get NO HINT AT ALL.

    The next point are unsent messages. The report seems to exaggerate there a bit. The problem here: Go offline, type some messages. Go online, they are sent. Before you have the chance to see the "security number changed" message, which may have you prevented from sending the messages.

    The problem is there but doesn't happen often, because its likely you see the message soon (if you do not ignore such messages).
    I did not test it, but it may be, that you get the message only after the next message you sent, even when you're online. Which is another trap, if you really need security for every message.

  34. Snoop by Anonymous Coward · · Score: 0

    When I started to get Signal, it said that it wants access to everything? Didn't sound like it was for privacy.

  35. if gizmodo says it has no backdoor by Anonymous Coward · · Score: 0

    now we can be sure it has a backdoor

    thanks gizmodo!

  36. Shooting off your cocksucker again troll? by Anonymous Coward · · Score: 0

    "I don't shoot my mouth off without knowing what I'm talking about" - by raymorris ( 2726007 ) on Thursday December 31, 2015 @09:29AM (#51215379)

    I catch you shooting your mouth off fucking up constantly: 2 raymorris security fuckups https://it.slashdot.org/comments.pl?sid=5351503&cid=47379233/ & https://slashdot.org/comments.pl?sid=5351503&cid=47374033/ + raymorris = script kiddie https://politics.slashdot.org/comments.pl?sid=8895203&cid=51726265/

    &

    Tell us how ONLY 'newer script kiddie tools' have stringlength built in (when PASCAL had it for ages - my fav tool) https://slashdot.org/comments.pl?sid=8472509&cid=51114383/ YOU BLUNDERING WANNABE!

    APK

    P.S.=> You like to talk behind others' backs like the gossiping bitch TROLL you are raymorris https://slashdot.org/comments.pl?sid=9880997&cid=53312265/ well, here I am letting YOU TALK in those links, showing your FAILS wannabe ... apk

  37. Schneier says that this vulnerability is real by hoblabobla · · Score: 1

    Schneier mentions this vulnerability as a real threat on his blog. https://www.schneier.com/blog/... Did he actually endorse anything that says it isn't? (The link on the main page of slashdot.org claims he did.)