The Guardian: WhatsApp backdoor allows snooping on encrypted messages

by Volker Weber

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

I see this as a potential threat, but not an imminent one. Solution: install Signal.

More >

Update: Statements from WhatsApp (via respected dpa journalist @CDernbach and UC Berkeley researcher Tobias Boelter. Plus a video with Tobias' talk.

[Danke, Stephan]

Comments

And I am still not on the right track...

Hubert Stettner, 2017-01-13

Nun, ich kann das technisch nicht nachvollziehen. Aber in dem update steht:

Wir verschlüsseln zwar, behalten aber einen Zweitschlüssel.

Johannes Matzke, 2017-01-14

Interesting comment from Signal on this piece from The Guardian: https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

Willy Reuter, 2017-01-15

Ja, das hatten wir gestern: https://vowe.net/archives/016177.html

Volker Weber, 2017-01-15

Recent comments

Ragnar Schierholz on Surface Pro X grenzt an Zauberei at 13:58
Volker Weber on Surface Pro X grenzt an Zauberei at 13:31
Marco Schirmer on Surface Pro X grenzt an Zauberei at 13:19
Simon Steinhage on Surface Pro X grenzt an Zauberei at 09:51
Volker Weber on Surface Pro X grenzt an Zauberei at 08:41
Christian Just on Surface Pro X grenzt an Zauberei at 08:38
Johannes Neubrecht on Surface Pro X grenzt an Zauberei at 08:28
Volker Weber on Surface Pro X grenzt an Zauberei at 08:22
Johannes Neubrecht on Surface Pro X grenzt an Zauberei at 08:19
Volker Weber on Fritz!Fon C4, C5 und C6 :: Stuff that works at 21:21
Markus Schott on Fritz!Fon C4, C5 und C6 :: Stuff that works at 17:03
Sven Thomsen on Viele neue Echos :: Amazon rüstet massiv auf at 07:55
Jonas Rathert on Critical Intel Thunderbolt Software and Firmware Updates - ThinkPad at 12:29
Manfred Wiktorin on Beats Solo Pro with ANC at 10:33
Tim Bellinghausen on Losing your laptop at 10:17
Andreas Kurtz on Losing your laptop at 08:28
Philipp Haun on Losing your laptop at 06:40
Volker Butterstein on Share music on two headphones from iPhone at 06:36
Maximilian von Hulewicz on Beats Solo Pro with ANC at 11:18
Maximilian von Hulewicz on Google Pixel 4 vorgestellt at 11:17
Felix Binsack on Beats Solo Pro with ANC at 10:54
Volker Weber on Beats Solo Pro with ANC at 23:33
Adrian Woizik on Beats Solo Pro with ANC at 23:08
Volker Weber on Beats Solo Pro with ANC at 22:42
Adrian Woizik on Beats Solo Pro with ANC at 22:40

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 18:33

visitors.gif

buy me coffee

Paypal vowe