Security Experts Rebut The Guardian's Report That Claimed WhatsApp Has a Backdoor

William Turton, writing for Gizmodo: This morning, the Guardian published a story with an alarming headline: "WhatsApp backdoor allows snooping on encrypted messages." If true, this would have massive implications for the security and privacy of WhatsApp's one-billion-plus users. Fortunately, there's no backdoor in WhatsApp, and according to Alec Muffett, an experienced security researcher who spoke to Gizmodo, the Guardian's story is a "major league fuckwittage." [...] Fredric Jacobs, who was the iOS developer at Open Whisper Systems, the collective that designed and maintains the Signal encryption protocol, and who most recently worked at Apple, said, "Nothing new. Of course, if you don't verify keys Signal/WhatsApp/... can man-in-the-middle your communications." "I characterize the threat posed by such reportage as being fear and uncertainty and doubt on an 'anti-vaccination' scale," Muffett, who previously worked on Facebook's engineering security infrastructure team, told Gizmodo. "It is not a bug, it is working as designed and someone is saying it's a 'flaw' and pretending it is earth shattering when in fact it is ignorable." The supposed "backdoor" the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone's encrypted messages, something the company is extremely unlikely to do. "There's a feature in WhatsApp that -- when you swap phones, get a new phone, factory reset, whatever -- when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone," Muffett told Gizmodo. Other security experts and journalists have also criticized The Guardian's story.

Re:And Muffet is employed by?

[alecm]

Currently, since July, I am employed by nobody. And loving it.

Previously to that I worked at Facebook, built their Tor onion, and build Facebook Messenger E2E crypto.

So, I'm competent to comment, and beholden to nobody :-P

missing the point

[Tom]

He is missing the point.

The article is not speaking about an encryption flaw or anything like that, but about a backdoor - a feature that allows Facebook, without any code changes on your device or other intrusion - to eavesdrop on any conversation you are having.

A good encryption would be impenetrable even to the vendor. It should not allow the keys to be changed underneath you. It should not warn you afterwards about this fact, and only if you have a special option enabled, but it should tell you before it does a key change, and require your consent.

Re:Compromise

[Tom]

Different problem.

Yes, the provider could initiate a man-in-the-middle attack against all users from the start. However, let us assume that he didn't do that, for various reasons that are for a seperate discussion.

In such a scenario, Alice conversation with Bob is secure. It requires only the initial secure key exchange. Once that is complete, they are fine.

But with the backdoor of silent key-renegotiation, the provider can at any time decide that now they want to eavesdrop into this or that conversation. Say, because a government agency asked them nicely, or a FB employee looked up that woman he met last night in the database and found her WhatsApp number...

It is a different scenario with different ramifications.

Re:And Muffet is employed by?

[alecm]

a) just check my twitter for proof - and my 4-digit Slashdot ID. :-)

b) i've built a reputation for 25 years, saying such things. Go dig up my USENET from 1991. Hasn't done me any harm that I care about, and it has done me measurable good when people see me commit to a set of values or a proposition with no "if", "and" or "but".

c) at least I'm funny. :-)

It's basic encryption

[Bigjeff5]

If you don't trust WhatsApp to faithfully regenerate encryption keys, why the hell did you trust them to generate the initial keys in the first place? They could have just given Facebook a key then and let them listen in to your messages at any time. ANY messaging app, no matter how secure, can do this.

This is not a backdoor, it's an inherent vulnerability in all encryption systems. If you don't trust one end of the encryption, it doesn't matter if the keys are only generated once or if they're generated over and over, or if you're notified when they're regenerated or if they just regenerate them on the fly. At any point, an untrustworthy server can simply make a valid key for a third party, and your encryption is compromised.

This is a non-story. You know what 99% of people do in Signal when they get a notification that their encryption key has changed? They hit OK and re-send the message, just like WhatsApp does by default.

It's just like EULA's, nobody pays attention to those damn thigns. WhatsApp just skips the step of asking you to verify the encryption change unless you go into the settings and explicitly tell it to notify you. For most people, that's exactly the appropriate behavior.