Security Experts

by Volker Weber

Read this:

Sorry, folks, while experts are saying the encryption checks out in WhatsApp, it looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you “Clear All Chats”. In fact, the only way to get rid of them appears to be to delete the app entirely.

What do you take away from this? Most people read this as:

WhatsApp is unsafe.

I read this as:

Self-important prick.

Why? Because he can do it on his phone, but he can never do it on mine. Next time somebody wants to demo in a live hack how unsafe Android is, I am going to hand him my locked BlackBerry Android and tell him to make my day. Spoiler alert: he can't. Because all of his assumptions are wrong.

Slightly related: BlackBerry is already field testing the next Android patch.

Comments

Well. But the reality is that 97% of Android users are walking around with outdated systems. And most of them can't even do anything about it. And those systems are then indeed insecure, and they also represent Android as an operating system.

Or am I seeing this wrong?

Johannes Matzke, 2016-07-30

The wizards slay animals that have already been hunted.

Volker Weber, 2016-07-30

That may well be. :)

Johannes Matzke, 2016-07-30

The article refers to iOS and not to Android forensic traces. Furthermore, the usage of iCloud backups is not quite uncommon.

Matthias Ritscher, 2016-07-30

Yes, I know. So Zdziarski makes a lot of assumptions. Some blogs pick up the story and leave out those assumptions. DPA expands on the story, and then lots of papers run it, because on the weekend, there is nobody present who understands what is going on.

Next thing that happens is my neighbor tells me she does not have WhatsApp and you need to send her SMS texts, because WhatsApp is unsafe.

Let's make a simple scenario:

- I have an iPhone 6s and a BlackBerry PRIV. Both are protected with a passphrase.
- I install WhatsApp on both devices.
- I send a message from one to the other.
- I delete the chats.
- I lock both devices, drive to your lab and hand them to you.
- Now you have physical access to both an Android and an iOS device.

Would you be able to tell me the content of that message within half an hour? I know you have the power of the Fraunhofer SIT Security Test Lab at your disposal. Which most likely is a lot more firepower than Zdziarski commands.

And that is actually a pretty simple scenario. The real one would be there are thousands of chats that went through WhatsApp. A few of those have been deleted some weeks ago. I have had a couple of hundred since then. And you have no idea what you are looking for.

On top of that: having physical access to both phones, while you are already sitting in your lab, fully prepared for what is going to happen and knowing the scenario in advance, is an advantage you would not have under normal circumstances.

Volker Weber, 2016-07-30

Removed two long comments that tried to change the subject. "Let's first imagine the safe is open" does not get us anywhere. A great philosopher of our time once summed it up like this: "Everyone has a plan until they get punched in the mouth."

Volker Weber, 2016-07-31
