
WhatsApp AES decryption key for all chats leaked - TeMPOraL
https://joindiaspora.com/posts/3787235
======
habosa
I wonder if this is similar to Snapchat. Snapchat uses AES-ECB encryption
(which you should never use) with a single key that is not-so-carefully hidden
in every binary file they've ever distributed to a mobile device. The kind
folks at Gibsonsec revealed Snapchat's "security by obscurity" and documented
the API so well that I was able to make a Java Snapchat client in a few hours.

I hope that's not the case for WhatsApp, they have a lot more to lose.

~~~
meowface
Is this just a key to encrypt chat logs local to the phone? I'm assuming
they're not using this to encrypt messages in transit...

If it's just local storage, then obviously it'd be easy for anyone to figure
out how the app reads the logs. 95% or more of chatting programs and apps do
not even encrypt chat logs in the first place.

~~~
habosa
Not sure. Snapchat uses that in transit.

------
caiob
What's also interesting about this is to know that Diaspora still exists.

~~~
ahknight
That's honestly all I got out of this.

~~~
sxtxixtxcxh
mission accomplished, probably.

------
amirmc
Is this new news? I thought there were already tools out there making use of
this key (e.g. a proof of concept app to steal the WhatsApp db on an Android
[1]).

[1]
[https://news.ycombinator.com/item?id=7380136](https://news.ycombinator.com/item?id=7380136)

~~~
meowface
The AES key in that post appears to be:

346A23652A46392B4D73257C67317E352E3372482177652C

The one in the linked Tweet appears to be different.

------
nly
_Sigh_ You can't 'leak' a symmetric key. If the messages are encrypted on your
phone then you already have the key. If they're not then it doesn't matter.

~~~
abshack
That it uses the 'same' symmetric key for all users is what has everyone
concerned. Coupled with the fact that WhatsApp stores your chats on external
SD cards [1] without access controls, any APP you have installed can access
and decrypt your WhatsApp chat history using this key.

[1] [http://bas.bosschert.nl/steal-whatsapp-database/](http://bas.bosschert.nl/steal-whatsapp-database/)

This was on HackerNews a few days ago:
[https://news.ycombinator.com/item?id=7380136](https://news.ycombinator.com/item?id=7380136)

~~~
meowface
The security flaw here is that there aren't any access controls, not that they
use the same symmetric key everywhere for local storage. Even if they store
the logs in plaintext, other apps should not be able to read those logs.

------
toyg
If confirmed, this is a huge blow. It's not just about regenerating the leaked
key -- a design relying on a single master key for multiuser messaging is
fundamentally broken. It will take months to rebuild it in a sane way.

~~~
abshack
In terms of huge blows to WhatsApp, nothing beats the original[1] leak which
showed that WhatsApp was using IMEIs as a password.

That didn't stop WhatsApp from growing into the behemoth (that its acquisition
price states) it is.

[1] [http://samgranger.com/whatsapp-is-using-imei-numbers-as-pass...](http://samgranger.com/whatsapp-is-using-imei-numbers-as-passwords/)

------
jasallen
Hmm, this guy has a lot of followers on Twitter, and this tweet is a couple
days old. The lack of shitstorm, I presume, means this isn't all it's cracked
up to be? What is it that is supposedly decryptable with this key? Without
more info I'm kinda stumped as to what we're looking at.

~~~
clwg
He's the main author of Cryptocat, which in the past has gotten a lot of flak
for its JavaScript/client-side implementation of encryption.

~~~
hamburglar
Yeah, I was actually a bit surprised that this thread wasn't mostly people
pointing out the irony of this particular person scoffing at someone's
security flub.

------
andymcsherry
This is the nature of shipping client code. Any key they used can be extracted
by a sufficiently determined individual. The real security issue was not
storing the database in the app's private directory.

~~~
acchow
The real security issue is using the same symmetric key with every client.

~~~
andymcsherry
That's really just security through obscurity. You're still shipping code that
explains the process of obtaining the key. If they store their credentials to
obtain the key in a public directory, it's just as vulnerable.

~~~
hueving
Wrong. If a phone can only retrieve the key for its own number (e.g. via SMS
request), that's orders of magnitude better than the current case where one
key can decrypt logs for any arbitrary number. Each SMS request could generate
a new key, so even if another app on the same phone does it, it won't be able
to get the key to read the logs.

~~~
andymcsherry
This still relies on the legitimate app not storing the key they fetched in a
public directory so the attacker can read it. You can keep adding layers upon
this, but it doesn't change that.

~~~
hueving
>This still relies on the legitimate app not storing the key they fetched in a
public directory so the attacker can read it.

Obviously. Why would they do anything else? The point is that they can safely
store the logs on an SD card under space constraints.

------
dmix
The two day old source tweet:
[https://twitter.com/kaepora/status/445623864065007616](https://twitter.com/kaepora/status/445623864065007616)

------
Sarkie
So is this a newer version of the old key from this study?

[http://blog.digital-forensics.it/2012/05/whatsapp-forensics....](http://blog.digital-forensics.it/2012/05/whatsapp-forensics.html)

Or is this the key they use to transmit the data with?

------
untitaker_
Link to a screenshot of a tweet citing no source, posted on a dead social
network.

------
api
Why bother with encryption if you're going to do this?

~~~
Ihmahr
"All your chats are encrypted with the Advanced Encryption Standard."

~~~
hueving
Which is military grade! :)

------
duaneb
It uses the same key for all instances? Wow.

------
spike021
Could you use some kind of master password that is entered temporarily to
encrypt/decrypt the AES decryption key?

~~~
meowface
Yes. That is, for example, how Firefox stores passwords (if you enable the
master password option).

I imagine they haven't bothered to do this for usability reasons, since people
would have to type in the password every time they start up the app. Adding it
as an option certainly couldn't hurt, but even then I'm not sure there's a
point. Most people leave their phones on most of the time, and WhatsApp is
probably going to be running in memory that whole time, in which case someone
who steals your phone will still probably be able to read all your chat logs
anyway.

------
fidz
Wow, I think Diaspora is cool. Is there any HN related thread about Diaspora?

