The Guardian: WhatsApp backdoor allows snooping on encrypted messages

by Volker Weber

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

I see this as a potential threat, but not an imminent one. Solution: install Signal.

More >

Update: Statements from WhatsApp (via respected dpa journalist @CDernbach and UC Berkeley researcher Tobias Boelter. Plus a video with Tobias' talk.

[Danke, Stephan]

Comments

And I am still not on the right track...

Hubert Stettner, 2017-01-13

Nun, ich kann das technisch nicht nachvollziehen. Aber in dem update steht:

Wir verschlüsseln zwar, behalten aber einen Zweitschlüssel.

Johannes Matzke, 2017-01-14

Interesting comment from Signal on this piece from The Guardian: https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

Willy Reuter, 2017-01-15

Ja, das hatten wir gestern: https://vowe.net/archives/016177.html

Volker Weber, 2017-01-15

Recent comments

Johannes Matzke on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 18:49
Sven Richert on AutoSleep Tracking mit der Apple Watch at 13:46
Karl Heindel on Empathy and innovation :: this is not your dad's Microsoft anymore at 09:25
Karl Heindel on AutoSleep Tracking mit der Apple Watch at 09:23
Matthias Lorz on Empathy and innovation :: this is not your dad's Microsoft anymore at 07:39
Volker Gronau on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 05:13
Ben Langhinrichs on Empathy and innovation :: this is not your dad's Microsoft anymore at 23:50
Bernd Hofmann on Empathy and innovation :: this is not your dad's Microsoft anymore at 21:55
Hubert Stettner on Empathy and innovation :: this is not your dad's Microsoft anymore at 21:54
Daniel Gebauer on AutoSleep Tracking mit der Apple Watch at 21:02
Jens Becker on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 14:06
Mark Dörbandt on Jetzt auf meinem Sonos :: Das Radio der von Neil Young Getöteten at 13:38
christoph Graber on Jetzt auf meinem Sonos :: Das Radio der von Neil Young Getöteten at 12:53
Ahmad Masrieh on AutoSleep Tracking mit der Apple Watch at 11:53
Norbert Niemeyer on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 11:51
Henning Heinz on Barry Gibb :: The Last Bee Gee at 11:12
Volker Weber on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 11:03
Dominique Roller on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 10:49
Volker Weber on Barry Gibb :: The Last Bee Gee at 10:26
Henning Heinz on Barry Gibb :: The Last Bee Gee at 10:24
Ragnar Schierholz on AutoSleep Tracking mit der Apple Watch at 09:47
Christian Heindel on AutoSleep Tracking mit der Apple Watch at 09:26
Volker Weber on AutoSleep Tracking mit der Apple Watch at 08:59
Jochen Schug on AutoSleep Tracking mit der Apple Watch at 08:57
Volker Weber on Invoxia Pet Tracker :: Ein kleiner Zwischenstand at 20:37

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 05:09

visitors.gif

buy me coffee

Paypal vowe