
How to intercept all Wire voice and video calls - ge0rg
https://medium.com/@pepelephew/how-to-intercept-all-wire-voice-and-video-calls-13da1246675c#.2s2a27aii
======
walterbell
Wire is fantastic and I hope they address this authentication issue soon. What
is the value of verifying contact fingerprints if other communication stages
are not verified?

I would like to see more disclosure on server retention of encrypted messages
and documents, especially when:

(a) msgs/docs have been delivered to all devices

(b) msg / doc has been manually deleted by the sender

Twitter posts [1] suggest that encrypted msgs are retained on the server for
weeks, even if already delivered. This creates an attack target. Wire has
promised to open-source their Haskell server code, so maybe the community can
help remove this technical limitation by implementing a proper store-and-
forward mechanism.

It would also be good to have the option of choosing P2P E2E msgs that go
directly between devices and never touch the Wire server. This would only be
useful for synchronous conversations, but would again reduce the central
server as an attack target.

[1]
[https://twitter.com/wire/status/822421405937659908](https://twitter.com/wire/status/822421405937659908)

------
ge0rg
Tl;dr: Wire voice and video chats use SRTP encryption, but the key is
transmitted over the Wire server using normal TLS without further
authentication checks or Certificate Pinning. A Wire employee or malicious
government could MitM the claimed end to end encryption.

~~~
tyingq
The point that the servers are in Ireland, versus Switzerland, is interesting
as well, given that "Swiss Based" is used as a marketing pitch.

~~~
zokier
On a quick browse I found these two references to Switzerland:

Frontpage: "Swiss-based, EU hosted"

Bottom of the "Privacy" page: "Wire is based in Switzerland and is fully
compliant with Swiss and EU data protection laws."

I don't think that is "making a big deal", or even misleading. Especially the
frontpage reference is actually really honest.

~~~
tyingq
It's not outright dishonest, but it seems pretty clear why they like the word
"Swiss", but generalize Ireland as "EU". I'm sure many of their customers read
that as "Oh, it's all in Switzerland, where privacy matters." I know
Switzerland isn't in the EU, but I suspect not all their potential customers
know that.

------
AdmiralAsshat
Can someone explain how Certificate Pinning works in a "trust no one"
scenario? From my understanding, the idea is that you grab the certificate for
a given domain once with the correct public key and then store it for later so
that you can be notified when you're being MitM'd. But that assumes that the
one you got was trustworthy to begin with: what happens if you're _already_ a
target or in a surveillance state and, having not previously visited the
domain before, cannot guarantee that the pinned certificate you're getting is
trustworthy?

~~~
r1ch
Pinning in this instance usually refers to hardcoding the public key or
fingerprint into the app.

------
zokier
> transmitted in plaintext over a normal TLS connection

I think we have differing views on what "plaintext" means.

Also, like it or not, it really looks like the calls are actually end-to-end
encrypted, as in the server never sees or processes the cleartext content.
Being possibly poorly designed and open to attacks does not change the
fundamental underlying model.

------
zmanian
What should happen is either

\- A shared key should be passed over the e2e text channel and used as part of
the DTLS setup. I'm unclear if this actually a possibility in WebRTC.

\- Each side can send a fingerprint of the peers public key to each other over
the text channel and the software can authenticate there is no MITM

