The Guardian: WhatsApp backdoor allows snooping on encrypted messages

by Volker Weber

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

I see this as a potential threat, but not an imminent one. Solution: install Signal.


Update: Statements from WhatsApp (via respected dpa journalist @CDernbach) and UC Berkeley researcher Tobias Boelter. Plus a video with Tobias' talk.

[Thanks, Stephan]
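An added example, not code from the original post or from WhatsApp or Signal: a toy Python model of the sender-side behaviour described in the quoted passage, comparing automatic re-encryption of undelivered messages with a client that holds them until the user accepts the new key. The `Sender` class, the `hold_on_key_change` switch and the key labels are assumptions made for illustration, and no real cryptography is performed.

```python
from dataclasses import dataclass, field
@dataclass
class Sender:
    """Toy sender client (constructed model, no real cryptography):
    'encrypting' only records which recipient key a message was sent under."""
    hold_on_key_change: bool                 # hypothetical policy switch
    recipient_key: str                       # key currently used for the recipient
    undelivered: list = field(default_factory=list)  # no delivery receipt yet
    wire: list = field(default_factory=list)         # (plaintext, key) given to the server
    pending_key: str = ""                    # announced key awaiting a user decision

    def send(self, text):
        self.undelivered.append(text)
        self.wire.append((text, self.recipient_key))

    def mark_delivered(self, text):
        self.undelivered.remove(text)

    def on_key_change(self, new_key):        # server announces a new recipient key
        if self.hold_on_key_change:
            self.pending_key = new_key       # nothing is resent until the user decides
        else:
            self._resend_under(new_key)      # behaviour described in the quoted passage

    def user_accepts_pending_key(self):
        self._resend_under(self.pending_key)
        self.pending_key = ""

    def _resend_under(self, key):
        self.recipient_key = key
        for text in self.undelivered:        # only messages without a delivery receipt
            self.wire.append((text, key))

def encrypted_to(sender, key):
    # Plaintexts that were encrypted under `key` and handed to the server.
    return [text for text, k in sender.wire if k == key]

def simulate(hold_on_key_change):
    s = Sender(hold_on_key_change, recipient_key="KEY-OLD")  # constructed key labels
    s.send("hello")
    s.mark_delivered("hello")
    s.send("meet at 8")          # recipient offline: stays undelivered
    s.send("bring the file")
    s.on_key_change("KEY-NEW")   # reinstall, new phone, or a key the server chose
    return s

if __name__ == "__main__":
    for hold in (False, True):
        print("hold" if hold else "auto-resend", encrypted_to(simulate(hold), "KEY-NEW"))
```

Only the messages still awaiting a delivery receipt are affected; the already delivered one is never re-encrypted under the new key in either mode.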

Comments

And I am still not on the right track...

Hubert Stettner, 2017-01-13 17:26

Well, I can't follow this technically. But the update says:

We do encrypt, but we keep a second key.

Johannes Matzke, 2017-01-14 06:38

Interesting comment from Signal on this piece from The Guardian: https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

Willy Reuter, 2017-01-15 16:10

Yes, we had that yesterday: https://vowe.net/archives/016177.html

Volker Weber, 2017-01-15 16:35
