
Ask HN: How can I verify that WhatsApp uses E2E encryption? - Inc82
Everyone seems thrilled that WhatsApp has announced they have switched to E2E encryption developed by Open Whisper. Is there a way I can verify this is happening?
======
sdevlin
Most of the comments so far focus on the fact that WhatsApp is a closed-source
system. And just to be clear, it would absolutely be better to have source
code. Source code gives you a 1000-foot view of the application and lets you
spot obvious problems quickly.

But source code can also lie to you. To really understand what the application
is doing, you need to do what security auditors do irrespective of source code
availability. Namely:

1. Disassemble the application binary.

2. Debug the running application.

3. Observe the network traffic.

Here's another thing to think about. Suppose the source code were available.
How could you trust that the source code provided matches the compiled binary
running on your phone? You would need to perform the above steps to verify.

~~~
aroman
If the source were available, I could compile it into a binary myself and
calculate a file checksum and compare it against the binary downloaded from
the App Store. Obviously not the case here, but I don't think you'd need to
"perform the steps above" to verify.

~~~
scrollaway
And you would almost certainly not get the same checksum unless they provided
you with the exact toolchain they used (which almost nobody does) due to
compiler version mismatches or some such.

~~~
mahouse
Even if you used exactly the same toolchain you would not get the same
checksum because the binaries will probably have some other information
embedded, such as timestamps.

------
colanderman
I suppose, _if_ they published the algorithm they claim to use, and _if_ you
can stub out the app's random number source (say LD_PRELOAD or the like), and
_if_ you can sniff the app's network traffic (again, LD_PRELOAD might be
necessary if it's encrypted, assuming they're not using a statically linked
SSL library), and _if_ they don't perform one of any number of trivial
modifications to the algorithm (such as adding a fixed salt), you might be
able to, for a given message, confirm that for that message, they encrypt it
identically to how the algorithm they claim to use would encrypt it.

But that's a lot of ifs, and doesn't prove there's no backdoor that's
currently disabled.

------
CHY872
I think a lot of people here have missed the point a little. It's very easy to
subvert E2E encryption of this sort, because no Whatsapp user has any way of
verifying that they're talking to another Whatsapp user beyond the Whatsapp
servers saying so.

The actual apps could carefully perform the E2E encryption, but Whatsapp could
easily MITM the data if (say) requested to by an outside agency, without the
app being any the wiser.

It's impractical to verify - you'd have to have the source to Whatsapp's
servers, guarantees their SSL keys haven't been compromised, etc etc etc.

~~~
gsbabil
If WhatsApp integrated everything they had in the `Axolotl` [0] protocol
specification, this wouldn't be the case. If WhatsApp would attempt to MITM,
they would have to know someone's private-key (or break the crypto) which
never leaves the phone, hence the E2E property.

[0]
[https://github.com/trevp/axolotl/wiki](https://github.com/trevp/axolotl/wiki)

~~~
StavrosK
It's always possible to MITM if you can't verify the signatures. No matter
what they implement, the server can just relay messages back and forth.
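
The point made in this sub-thread, as an added example that is not part of any comment: a server that hands out public keys can substitute its own, and comparing a key fingerprint over a separate channel is what exposes it. The `KeyServer` class, the constructed key bytes and the digit-group fingerprint format are assumptions for illustration, not WhatsApp's or Axolotl's actual design.

```python
import hashlib

# Constructed stand-ins for public identity keys (not real key material).
ALICE_PUB = hashlib.sha256(b"constructed alice identity key").digest()
BOB_PUB = hashlib.sha256(b"constructed bob identity key").digest()
MITM_PUB = hashlib.sha256(b"constructed relay key").digest()


def fingerprint(my_key: bytes, their_key: bytes) -> str:
    """Hash both keys in sorted order so each end derives the same string."""
    digest = hashlib.sha256(b"".join(sorted([my_key, their_key]))).digest()
    # Assumed display format: six 5-digit groups that can be read aloud.
    groups = [int.from_bytes(digest[i:i + 5], "big") % 100000
              for i in range(0, 30, 5)]
    return " ".join(f"{g:05d}" for g in groups)


class KeyServer:
    """Hypothetical directory that hands out each user's public key."""

    def __init__(self, substitute=None):
        self.keys = {}
        self.substitute = substitute  # set when the server relays as a MITM

    def publish(self, user, public_key):
        self.keys[user] = public_key

    def lookup(self, user):
        # A relaying server answers every lookup with its own key.
        return self.substitute if self.substitute is not None else self.keys[user]


def session_view(server):
    """Fingerprints Alice and Bob each compute from what the server said."""
    server.publish("alice", ALICE_PUB)
    server.publish("bob", BOB_PUB)
    alice_sees = fingerprint(ALICE_PUB, server.lookup("bob"))
    bob_sees = fingerprint(BOB_PUB, server.lookup("alice"))
    return alice_sees, bob_sees


def verified_out_of_band(server) -> bool:
    """The check two users make by comparing strings in person or by voice."""
    alice_sees, bob_sees = session_view(server)
    return alice_sees == bob_sees


if __name__ == "__main__":
    print("honest server :", verified_out_of_band(KeyServer()))
    print("relaying server:", verified_out_of_band(KeyServer(substitute=MITM_PUB)))
```

The comparison only helps if it happens over a channel the key server does not control; without that step both ends see a plausible fingerprint and nothing looks wrong.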

------
ahoog42
If you want to easily do traffic inspection and forensic analysis of stored
data for iOS and Android, you can check out the free Community Edition of our
mobile app testing lab [1].

Disclaimer, co-founder here.

[1]
[https://www.nowsecure.com/apptesting/community/](https://www.nowsecure.com/apptesting/community/)

------
fdik
You cannot verify that WhatsApp isn't cheating without a source code analysis.
And it's even worse, WhatsApp is a daughter company of Facebook, so WhatsApp
is falling under Section 215 US Patriot Act.

In short: it's not Facebook's or WhatsApp's fault, but they're forced to cheat
if there is the requirement from US officials.

While there may be E2E encryption in WhatsApp, there is no way to get it
trustworthy.

~~~
higherpurpose
Legally, if they indeed enabled E2E, the government _shouldn't_ be able to
force them to disclose the data. CALEA says you should decrypt the data for
the government _only if you have the keys_. But with Axolotl E2E encryption,
they're not supposed to have them.

Of course the government will try to _threaten_ them with NSLs or tax audits
or whatever, and Whatsapp _could_ cave, but the law _should_ be on their side.

But before we get there they actually have to put it in their privacy policy
that they are doing that, so then they can show the judge later that they've
legally committed to a certain level of privacy for their users.

~~~
mSparks
it's not a case of threatening anyone.

they just pay them to include the additional primes in the public key system.
users are still more or less secure. not just whatsapp. pretty much all the
public key systems use it. it's still effectively 1024 bit plus keys for
everyone but the nsa and gchq.

latest snowden leaks include everything you need for confirmation now you know
what to look for.

------
joepie91_
Basically, you can't. And this is precisely why open-source is so important
for cryptography-, security- and privacy-related purposes.

------
davexunit
You can't. WhatsApp is proprietary software that you aren't allowed to audit.
Use free software chat programs instead.

~~~
switch007
How can I (developer, no security knowledge) verify that
<open_source_alternative> does encryption properly?

~~~
tptacek
You should assume it can't. The track record is very, very poor.

~~~
srslack
That's a funny statement, considering PGP and OTR are the go-to and have held up
for all of these years.

~~~
tptacek
What's the next example?

~~~
srslack
Truecrypt, also confirmed by NSA documents published by Der Spiegel to be
'catastrophic.'

OpenVPN. SSH-2 with RSA keys.

What proprietary software with good track records did you have in mind?

~~~
tptacek
Truecrypt isn't a messaging system, is barely open source, and is barely
trusted (though I think that's unfair). Compare, on the other hand, to "real"
open-source disk encryption projects like EncFS/Ecryptfs.

OpenVPN is built on OpenSSL and was Heartbleedable.

Until a few years ago, SSH was a fiasco. Cryptographically, it has
approximately the same security track record as SSL. It's also not a messaging
system.

I didn't say I had a closed-source alternative for you. There aren't good
answers here. I like TextSecure. I also like GPG, a lot. And I have a 4-figure
bet with Matthew Green that OTR is more resilient than the other messaging
systems. But OTR is mostly only OK if you don't use it with an actual chat
client; once libpurple is in the picture, nothing is OK anymore.

~~~
loadaverage
how is SSH a fiasco? i'd love to read more about that.

"approximately the same security track record as SSL"? i'd say heartbleedable
(openssl ssl) vs not heartbleedable (openssh) would be a rather incorrect
approximation.

also, a messaging system could be tunneled through ssh.

------
danpalmer
Several people have already raised the very good point that ultimately, we
need the source code to be certain.

However, can we really be sure when we have the source? I don't think so. The
codebase is likely to be large, especially when you start looking at
dependencies such as the crypto libraries they may be using (unless you want
to assume they are safe themselves), and it has been shown that humans are
actually quite bad at finding vulnerabilities in code that is written to
obscure its real purpose.

The Underhanded C Contest is a yearly contest that puts this to the test.
Participants are given a spec for a small piece of software, and must write a
program in C that appears on code review to work correctly, but in fact
subverts the requirements in some way. This has been remarkably successful.

Sure, having the code is better than not having the code, but I think that
gives us less security than many assume it does.

~~~
ikeboy
Would someone actually looking through those entries trying to find a problem
fail? Or is it just "first glance doesn't show any problems" stuff? I thought
it was 2.

~~~
dllthomas
It would be great to throw entries at actual security auditors, mixed with
innocent versions, and see how they fare.

~~~
ikeboy
We need a name for this. How about Bug-complete Turing Test? Or just Buggy
Turing Test.

~~~
dllthomas
I'm down for naming it, but I think "bug" is the wrong term for what we're
talking about here, since we're talking about deliberate misbehavior.

------
fmax30
While you can never be certain that WhatsApp uses e2e encryption without a
proper source code review, you can do the following to at least check it on
your side:

1. Install Charles webproxy

2. Configure your device to decrypt the https traffic of whatsapp (install
the ssl certificate and configure proxy)

2.5 Enable ssl proxy for whatsapp.

3. Monitor whatsapp's traffic using charles web proxy.

4. If you can see random encrypted text somewhere in the request or response
they are using e2e encryption.

I'll try it tomorrow; might even write about it here or somewhere depending on
the results.

------
metafex
As to "Use Free Software": the OTR protocol currently stands the test against
various agencies and holds strong. I suggest to use software that makes use of
it, e.g. ChatSecure. Also, if you want someone who's not a random person on
the internet telling you this: go watch the talk of Jacob Appelbaum and Laura
Poitras from the 31C3.

The problem with closed source software is and will always be, that we can
never be certain of its security (at least not without reverse engineering
every version and fully understanding it).

------
techaddict009
I don't know how exactly but maybe you can do so by tapping network traffic
via wifi router and analyse it.

------
ritonlajoie
I guess, connect on a computer using your phone VPN ability, and launch
wireshark.

~~~
jacquesm
That only shows a bit of information on _some_ packets. Maybe there is a
switch in the code that can be triggered remotely which then sends out your
data without any encryption at all. You really need to look at the source to
get any kind of confidence with stuff like this, and even then there are a lot
of possible issues if your data passes through servers owned by others.

