
Why the “WhatsApp-backdoor” is not a WhatsApp-backdoor - slashcrypto
https://slashcrypto.org/2017/01/13/WhatsApp_backdoor/
======
eganist
It's a backdoor because it grants access (to new messages as well as any
messages replayed) with explicit authorization by the application but without
explicit authorization by the user.

That seems to fit the currently accepted understanding of the word:
[https://en.wikipedia.org/wiki/Backdoor_(computing)](https://en.wikipedia.org/wiki/Backdoor_\(computing\))

------
MyNameIsFred
I do not see this as an actual rebuttal to the idea of it being a backdoor.
The article makes two points: 1\. Ultimately, verification falls to the user,
so even in a secure system, user error, misunderstanding, and/or laziness can
result in becoming compromised 2\. Clients can lie to us anyway

The point about this "backdoor" business is that the WhatsApp client does not
even give the user the chance to even make a mistake of skipping or mis-
executing validation. Instead, it will just make that mistake FOR you, every
time, for your convenience!

That utter failure of design, and breach of trust, enables a remote actor (the
WhatsApp servers) to access secure data. So yes, it is a "backdoor".

~~~
mattcoles
The 'remote actor' could always do this though, as there is another
'backdoor', that you and I call the App Store/Play Store, whereby Facebook can
push whatever updates they please - including one that could send your
decrypted messages back to Facebook - without you knowing as WhatsApp is
closed source.

------
jMyles
It is sad, and misinformative, that this article is currently #1 on HN, while
the much more accurate and better-written Guardian piece "WhatsApp backdoor
allows snooping on encrypted messages" is #2.

The linked piece is hard to critique because it's borderline incoherent. The
"conclusion" is simply not a conclusion, particularly this passage:

> A provider always has the ability to intercept messages as long as the user
> does not verify fingerprints. With WhatsApp, it is even harder to make sure,
> no MitM takes or took place. WhatsApp is closed source, so who can tell, if
> WhatsApp just displays wrong identity keys and lets the user think that
> everything is perfectly OK ..?

~~~
sfifs
It's actually very accurate technically. The Guardian article seems to miss
the basic point.

The encryption in WhatsApp and Signal and Apple messaging all are all built to
protect data from others in transit not necessarily from the service provider
itself.

No system where a central service provider manages both key infrastructure and
message delivery can ever be secure from MITM by the service provider unless
you do manual key verification through a different channel. Signal does
provide the means to doing so by physically meeting a person and verifying
which is good. But are you truly going to be able to explain these concepts
beyond techies?

~~~
jMyles
But the actual point here is the retransmission vulnerability. That's what
makes WhatsApp different. That's the backdoor.

~~~
sfifs
Look if WhatsApp wants to read your messages without you detecting, there's
nothing you can really do to prevent it apart from not using WhatsApp.

For instance if you're on some list for message interception, they can give
you MITMed keys when you first login. Or they can insert some subtle signal
that tells the app on your specific phone to ignore key changes and avoid
showing notification in some way you would struggle to check (closed source
and obfuscated code) etc etc. They could even show you the right key if you
attempt verification but use a compromised one for communication. This
particular vuln. would be a ridiculously crude way to intercept messages.

To repeat, in any system where key distribution and message distribution are
centralized, there is no way to protect against the service provider - and
anyone who co-opts the service provider (eg. with a court order). The
objective of the encryption is to protect against other actors snooping on you

------
appleflaxen
If the title of the article is the conclusion, I really don't see how they
arrive there based on the post.

If I read the post and came up with the thesis sentence myself, it would be
"WhatsApp is vulnerable to MITM attacks because it tries to automate key
changes by default"

~~~
joestr87
Tech articles are the absolute worst at being click-baity.

------
patates
So it's not a backdoor because theoretically they can already intercept the
messages?

In other words, this is not a crack because the glass is already broken.

I'm so relieved.

------
rocqua
> This is not a backdoor, this is a default setting of > WhatsApp and
> everybody is able to opt-in the feature > which blocks message sending when
> the key material changes.

This is flat-out wrong. There is no opt-in feature to block sending when the
key material changes. There is only an option that notifies when the material
changes.

And this is precisely the problem. On certain messages (those not yet
delivered) whatsapp can force re-transmission encrypted with a key of their
choosing. No options will block the re-transmission.

------
johnhenry
I agree with most comments on this thread -- This is indeed a back door and it
is irresponsible for someone who works in Security to claim that it is not. If
the key-verification functionality that you describe were "opt-out", then you
might have a case on your hands, but because it's "opt-in", the user would not
know when What's App is potentially spying on them.

------
rodrigo-mx
This is a backdoor because it is used to fool people. In countries like
Mexico, carriers do not charge your data use of fb and WhatsApp. They offer it
as free social network. I am sure government is behind of such a good will to
users from big companies. You get free communication in exchange from your
privacy. What a nice deal!

------
venomsnake
No it is a backdoor. Becuase the app fucks you on purpose, even if you go to
great lenghts to verify the keys.

Also the vulnerabilty matches perfectly one scenario - when a person is in
custody, the LEO cannot open its phone, but they can create account on new
device with his sim card and continue "trusted" chats.

~~~
Eyas
I understand why that is a concern for the security conscious. But for the 90%
use case, e.g.: I lost my phone and got a new one. Or my phone isn't turning
on and I get a new one.

I install WhatsApp. How do I roll over my identity?

The way I see it is that WhatsApp is delegating the task of identity
verification to the network provider (admittedly a weak link for the security
conscious). But it _is_ the easiest way for the average user to continue chats
on a new phone.

If the default setting were reversed, HN would stop complaining, but the 90%
would.

The most 'secure' means of communication is probably a one-time pad
communicated via paper on magic ink that you then burn, or something. There is
a cost to ease of use in many cases. I wish the conversation was less about
right v wrong, and more about what tradeoffs should be made and where to draw
the line.

~~~
rocqua
The nice solution here that would please security-conscious people with an
opt-in would be for that opt-in to prevent automatic re-encryption and re-
transmission under the new key.

To expand on the example given above, if the police get your phone, turn it
off and wait for a while. You might have quite a few incoming unreceived
messages. They can then simply take the sim, put it in a new phone, and
register that with whatsapp. They can then read all messages sent to you since
they turned of your phone.

------
gizmo
I agree this isn't a backdoor. Facebook is already a Trusted Third Party with
the responsibility to deliver an honest closed source client binary, as are
Apple and Google for delivering the binary unaltered to the end users.

This backdoor cannot be exploited by third parties, only by Facebook
themselves, who already have much easier ways to intercept or manipulate
communication. So although I don't think Whatsapp makes the right trade-off
here (people get a new phone only once every few years, so why optimize for
that edge case?), I'm not concerned about the privacy implications either.

I suspect other commenters here are confused about the nature of the Signal
protocol, and who you have to trust for the system to be secure. If you used
to believe that Facebook is 100% unable to intercept or tamper with Whatsapp
communication, then this would be upsetting. But since they're a trusted party
already, this changes nothing.

------
grabcocque
This just goes to show the importance of picking sound defaults. WhatsApp gets
this horribly wrong. Regardless of whether it's a backdoor, their default
behaviour is _dangerous_ because it leaves users vulnerable to MITM attacks.

Let's not get hung up on semantics, and focus on the HARM.

~~~
rocqua
I should point out that even with the 'correct' setting (which isn't default)
whatsapp will still re-encrypt and re-transmit any unsent messages under the
new key. All the 'correct' setting does is notify you of the key change.

The article is factually wrong on this.

------
yalogin
This is a confirmation of the backdoor and not a rebuttal.

------
soneca
Is this only saying it is a feature, not a bug?

