The Guardian: WhatsApp backdoor allows snooping on encrypted messages

by Volker Weber

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

I see this as a potential threat, but not an imminent one. Solution: install Signal.

More >

Update: Statements from WhatsApp (via respected dpa journalist @CDernbach and UC Berkeley researcher Tobias Boelter. Plus a video with Tobias' talk.

[Danke, Stephan]

Comments

And I am still not on the right track...

Hubert Stettner, 2017-01-13 17:26

Nun, ich kann das technisch nicht nachvollziehen. Aber in dem update steht:

Wir verschlüsseln zwar, behalten aber einen Zweitschlüssel.

Johannes Matzke, 2017-01-14 06:38

Interesting comment from Signal on this piece from The Guardian: https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

Willy Reuter, 2017-01-15 16:10

Ja, das hatten wir gestern: https://vowe.net/archives/016177.html

Volker Weber, 2017-01-15 16:35

Recent comments

Tobias Hauser on Pi-hole on Raspberry Pi at 17:38
Volker Weber on Pi-hole on Raspberry Pi at 16:36
Patric Stiffel on Pi-hole on Raspberry Pi at 15:52
Volker Weber on Pi-hole on Raspberry Pi at 15:33
Volker Weber on Coming up :: Nokia 7 Plus at 15:32
Jochen Kattoll on Coming up :: Nokia 7 Plus at 15:01
Clemens Müller on Pi-hole on Raspberry Pi at 14:20
Michael Spreitzenbarth on Pi-hole on Raspberry Pi at 13:41
Volker Weber on Pi-hole on Raspberry Pi at 13:19
Jochen Schug on Pi-hole on Raspberry Pi at 12:30
Peter Muchmann on Alexa und die Oma at 16:27
Volker Weber on Coming up :: Nokia 7 Plus at 13:43
Volker Weber on Will a firmware update make an Onkyo receiver a Sonos player? at 13:40
Daniel Jäger on Will a firmware update make an Onkyo receiver a Sonos player? at 12:43
Felix Kluge on Coming up :: Nokia 7 Plus at 12:21
Stefan Beermann on Alexa und die Oma at 07:49
Daniel Pape on Alexa und die Oma at 23:05
Armin Roth on Will a firmware update make an Onkyo receiver a Sonos player? at 22:58
Jochen Kattoll on Alexa und die Oma at 21:29
Volker Weber on Alexa und die Oma at 18:08
Christian Just on Alexa und die Oma at 17:36
Oliver Regelmann on Alexa und die Oma at 16:57
Thomas Langel on Echo Spot oder Echo Show? at 13:15
Peter Meuser on Alexa und die Oma at 13:10
Joachim Bode on Coming up :: Nokia 7 Plus at 12:55

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter amazon

Local time is 19:15

visitors.gif

buy me coffee