The Guardian: WhatsApp backdoor allows snooping on encrypted messages

by Volker Weber

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

I see this as a potential threat, but not an imminent one. Solution: install Signal.


Update: Statements from WhatsApp (via respected dpa journalist @CDernbach) and UC Berkeley researcher Tobias Boelter. Plus a video with Tobias' talk.

[Thanks, Stephan]
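The behaviour described in the quoted passage, as an added example that is not part of the original post and not WhatsApp's or Signal's code: a toy sender-side model (no real cryptography) that contrasts automatically re-encrypting undelivered messages after a key change with holding them until the user has verified the new key. The class and method names and the `KEY-A`/`KEY-B` fingerprints are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Message:
    text: str
    delivered: bool = False
    encrypted_for: list = field(default_factory=list)  # key fingerprints, in order

@dataclass
class SenderClient:
    """Sender's view of one contact. Hypothetical model, not a real client."""
    trusted_key: str               # fingerprint the sender currently trusts
    block_on_key_change: bool      # True: hold messages until the user verifies
    pending_key: Optional[str] = None
    outbox: list = field(default_factory=list)

    def send(self, text):
        # While an unverified key is pending, queue without encrypting.
        keys = [] if self.pending_key else [self.trusted_key]
        msg = Message(text, encrypted_for=keys)
        self.outbox.append(msg)
        return msg

    def _retransmit(self):
        # Re-encrypt everything not marked delivered under the trusted key.
        resent = [m for m in self.outbox if not m.delivered]
        for m in resent:
            m.encrypted_for.append(self.trusted_key)
        return resent

    def on_key_change(self, new_key):
        """The server announces a new key for the (offline) contact."""
        if self.block_on_key_change:
            self.pending_key = new_key   # nothing leaves until user_verified()
            return []
        self.trusted_key = new_key       # accepted without asking the sender
        return self._retransmit()

    def user_verified(self):
        """The user compared fingerprints out of band and accepts the new key."""
        if self.pending_key is None:
            return []
        self.trusted_key, self.pending_key = self.pending_key, None
        return self._retransmit()

def demo(block):
    client = SenderClient(trusted_key="KEY-A", block_on_key_change=block)
    client.send("first").delivered = True
    client.send("second")                # recipient offline, never delivered
    resent = client.on_key_change("KEY-B")
    return [m.text for m in resent], client
```
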

Comments

And I am still not on the right track...

Hubert Stettner, 2017-01-13

Well, I can't follow this technically. But the update says:

We do encrypt, but we keep a second key.

Johannes Matzke, 2017-01-14

Interesting comment from Signal on this piece from The Guardian: https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

Willy Reuter, 2017-01-15

Yes, we had that yesterday: https://vowe.net/archives/016177.html

Volker Weber, 2017-01-15
