
WhatsApp Backdoor/Vulnerability demonstration [video] - sajid
https://www.youtube.com/watch?v=we-pJE5JjAs
======
Javantea_
It now is a lot more clear what's going on here. The discoverer of this issue
is basing his argument on the fact that when you verify a fingerprint, you are
now confident that your end-to-end encryption won't transparently send your
encrypted data to someone with a different keypair. The other side of the
argument is that if WhatsApp actually did what you expect, data would be lost
when a person switched phones in the middle of someone sending them a message.
As a person who doesn't switch phones very often, I would prefer an end-to-end
encryption to never send data to a different public key than the one I've used
before. I would rather lose data than divulge it to a third party who has the
ability to spoof the recipient's phone. This would only come up whenever
someone switched their phone when I was sending them a message, so it's pretty
rare.

To me the trade-off is a no-brainer, and apparently to Facebook and Whisper
Systems the trade-off is a no-brainer in the opposite direction.

~~~
whyoh
> if WhatsApp actually did what you expect, data would be lost when a person
> switched phones in the middle of someone sending them a message

Only temporarily lost. WhatsApp could ask you: "do you want to resend the
message(s) to the contact's new phone?". An easy solution and it could be
optional, even off by default.

~~~
FabHK
I like that idea.

OpenWhisperSystem's response was that due to the delay involved the
(potentially compromised) server would know who has enabled
notifications/blocking and who hasn't.

~~~
whyoh
> the (potentially compromised) server would know who has enabled
> notifications/blocking and who hasn't.

How would that be worse than the current situation, where everyone is
vulnerable and we all know it?

~~~
FabHK
From Moxie's response in another thread:

[...] a fact of life is that the majority of users will probably not verify
keys. That is our reality. Given that reality, the most important thing is to
design your product so that the server has no knowledge of who has verified
keys or who has enabled a setting to see key change notifications. That way
the server has no knowledge of who it can MITM without getting caught. I've
been impressed with the level of care that WhatsApp has given to that
requirement. I think we should all remain open to ideas about how we can
improve this UX within the limits a mass market product has to operate within,
but that's very different from labeling this a "backdoor."

[https://news.ycombinator.com/item?id=13394900](https://news.ycombinator.com/item?id=13394900)

~~~
FabHK
As a counterpoint, though, see the discoverer of the vulnerability:

"As Eike Kühl pretty well describes, this functionality only increases
usability in a rare corner case: When you dump your phone in the ocean and you
need a month to get a new one. Then everyone who has sent you a message during
this period will not need to press an additional "OK" button."

[https://tobi.rocks/2017/01/what-is-facebook-going-to-do-a-suggestion/](https://tobi.rocks/2017/01/what-is-facebook-going-to-do-a-suggestion/)

------
y7
For those not wanting to watch 14 minutes of video, here is the author's blog
post explaining the vulnerability:
[https://tobi.rocks/2016/04/whats-app-retransmission-vulnerability/](https://tobi.rocks/2016/04/whats-app-retransmission-vulnerability/)

------
nodesocket
I could be wrong, but he just puts the sender phone in Airplane mode and then
sends a few messages. Then he swaps the SIM card from the receiver's "Laura's"
phone to the government's phone. Then the government's phone is able to view
the messages sent while the sender's phone was in Airplane mode. Is that
really the vulnerability?

~~~
Buge
Yes it's a real vulnerability. Edward's phone is reencrypting the message with
a new (malicious) public key without Edward's permission. It's not clear this
would be a very practical attack, but it's definitely something that WhatsApp
should stop if the extra security mode is enabled.

~~~
nodesocket
I get it, but let's stop calling it a backdoor, conspiracy theorists. It is
really a UX decision. WhatsApp decided they'd rather not have the possibility
of losing messages when you switch phones.

I see the fix as being as easy as a new security preference that by default
behaves the same way, but you have the option to prevent sending messages that
are not reported as delivered to a new device/key. Essentially those messages
get lost.

~~~
feld
You can't prove whether or not it was intentional. Marketing speak can spin
this as a convenience for the user. It's still a backdoor until they fix this.

I don't believe Moxie has the actual insight into Facebook's true intentions
with the WhatsApp platform. He may believe their intentions are honest, but
he's just a cog in their wheel.

If he honestly believed WhatsApp was sufficiently secure, why would he bother
with Signal?

~~~
nodesocket
Well perhaps it was just a bug or edge-case, and WhatsApp is just "spinning"
it as convenience. We could go back and forth all day.

Immediately jumping to backdoor and malicious intent for use by the Government
is disingenuous and we don't know that to be factual. Yet the media and this
YouTuber seem to be distributing that very message.

~~~
feld
You seem to attribute backdoor with malicious intent. Step back for a minute
and consider the power of PR spin.

------
dogma1138
Hmm, doesn't WhatsApp put a red system message when the phone or key is
changed?

When I talked to my gf the other day I noticed it when she switched her work
phone.

~~~
whyoh
It does [if you enable it], but in special circumstances (as described in the
video/article) the warning is only displayed AFTER your messages have already
been delivered to a new phone.

------
activatedgeek
There was another article claiming there's no backdoor.
[https://news.ycombinator.com/item?id=13394900](https://news.ycombinator.com/item?id=13394900).

Anybody with any ideas what is happening exactly?

~~~
tonfa
It's what the other article says, for an in-flight message (single tick), if the
key changes it might be reencrypted with a new key if the recipient key
changes.

If there's a double-tick it's too late, and it won't reencrypt. In practice,
unless you have a very long monologue, only one message would "leak", not the
full discussion.

(after the key changes you'll get a warning if you have the settings to show
cryptographic details enabled).

~~~
mentat
People have "monologues" on IM all the time. I'm sure FB has the data from
Messenger and WhatsApp, what the aggregate exposure in message volume is at
any time. I do not have that data but I suspect it's "a lot".

------
truncheon
The premise here, being that powerful (or technically adept) people may have
the capacity to impersonate a phone number, or clone a SIM card.

...since that part isn't directly stated, and might not be obvious to
everyone.

~~~
FabHK
That would indeed be enough. The other conceivable scenario is that the server
gets compromised (and suppresses the "delivery receipts", then sends a
spurious "rekeying" message).

------
mavhc
Seems like Facebook should start testing, turn on security notifications for
1% of users, see what happens

------
jMyles
I think the past few days of back-and-forth about this issue have made a few
things clear:

1) The double-check was not widely understood as an indicator of any
particular security state prior to the attention this has gotten.

2) It is fairly easy to imagine a scenario in which the behavior of WhatsApp
can be readily exploited - think of a journalist on the ground in Tahrir
Square using WhatsApp to report on conditions, neither expecting nor receiving
replies or confirmations, perhaps for hours at a time.

3) The matter of whether this is a "backdoor" or not is contentious, but also
not terribly important to the stakeholders.

4) Moxie wholesale approves of the WhatsApp implementation.

5) WhatsApp does in fact provide substantial security for a common and
important use case.

So, where do we go from here?

I think that those of us that care about freedom in the information age are
well-advised to remember that Moxie has done incredible, substantial, and
landscape-shifting work in this space.

Nevertheless, I also think that Moxie can provide a few more details and
thoughts that will be hugely helpful to the community in thinking through the
coming years of IM security.

Specifically, I will quote the comment I made in the other article, addressing
Moxie directly:

Moxie,

I think it's fair to say that you are the world thought leader on these
matters right now.

One thing that the rest of us are wondering right now is:

> (Quoting Moxie, in response to my comment) I've been impressed with the
> level of care that WhatsApp has given to that requirement.

To what degree do you really know that? Is there a place where we can read
about your interactions with Facebook, the level of access they've given you,
and the degree to which they have allowed your recommendations to shape the
contours of their implementation?

Nothing less than the strength of dissent lies in the balance of questions
like these.

> I think we should all remain open to ideas about how we can improve this UX
> within the limits a mass market product has to operate within, but that's
> very different from labeling this a "backdoor."

I agree that the jump to scary terminology is dangerous.

However, at the end of the day, I think that many of us have been trying to
make a simple point that shows that there is a sort of crossing of that line:

WhatsApp claimed that they were simply unable to intercept communications, and
now we find out that, without any user interaction or approval, messages which
haven't received the "double check" are re-transmitted when a new key is
generated.

So look: nobody here is trying to diminish your tireless work and your
accomplishments in bringing freedom into the information age.

But there are nuances here that are important, and fleshing them out is a big
part of what this community is about.
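
Added example, not part of the thread and not WhatsApp's or Signal's code: a toy model of the sender-side behavior discussed above, comparing silent re-encryption of single-tick messages on a key change with the opt-in blocking setting that commenters propose. The key ids (`K_laura`, `K_new`), the `block_on_key_change` flag and all class and function names are assumptions made for illustration; no real cryptography is performed.

```python
from dataclasses import dataclass, field

SENT, DELIVERED, HELD = "single tick", "double tick", "held"

@dataclass
class Message:
    text: str
    state: str = SENT
    encrypted_to: list = field(default_factory=list)  # key ids given a ciphertext

@dataclass
class Sender:
    recipient_key: str                 # constructed key id, e.g. "K_laura"
    block_on_key_change: bool = False  # hypothetical opt-in setting
    outbox: list = field(default_factory=list)

    def send(self, text):
        msg = Message(text, encrypted_to=[self.recipient_key])
        self.outbox.append(msg)
        return msg

    def on_delivery_receipt(self, msg):
        msg.state = DELIVERED          # delivered messages are never re-sent

    def on_key_change(self, new_key):
        self.recipient_key = new_key
        for m in self.outbox:
            if m.state != SENT:
                continue
            if self.block_on_key_change:
                m.state = HELD         # wait for the user to accept the key
            else:
                m.encrypted_to.append(new_key)  # silent re-encryption
        return f"security code changed to {new_key}"  # shown only afterwards

    def confirm_new_key(self):
        for m in self.outbox:
            if m.state == HELD:
                m.encrypted_to.append(self.recipient_key)
                m.state = SENT

def readable_by(sender, key):
    return [m.text for m in sender.outbox if key in m.encrypted_to]

def scenario(block, confirm=False):
    s = Sender("K_laura", block_on_key_change=block)
    s.on_delivery_receipt(s.send("hello"))   # receipt arrived: double tick
    s.send("meet at 9")                      # no receipt yet: single tick
    s.send("bring the files")
    s.on_key_change("K_new")
    if confirm:
        s.confirm_new_key()
    return readable_by(s, "K_new")
```

With the default setting the two undelivered messages become readable under the new key before any warning is returned; with blocking enabled nothing is re-encrypted until `confirm_new_key()` is called.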

