The Guardian: WhatsApp backdoor allows snooping on encrypted messages

by Volker Weber

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

I see this as a potential threat, but not an imminent one. Solution: install Signal.

More >

Update: Statements from WhatsApp (via respected dpa journalist @CDernbach and UC Berkeley researcher Tobias Boelter. Plus a video with Tobias' talk.

[Danke, Stephan]

Comments

And I am still not on the right track...

Hubert Stettner, 2017-01-13

Nun, ich kann das technisch nicht nachvollziehen. Aber in dem update steht:

Wir verschlüsseln zwar, behalten aber einen Zweitschlüssel.

Johannes Matzke, 2017-01-14

Interesting comment from Signal on this piece from The Guardian: https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

Willy Reuter, 2017-01-15

Ja, das hatten wir gestern: https://vowe.net/archives/016177.html

Volker Weber, 2017-01-15

Recent comments

Jörg Wölker on Anrufqualität at 12:31
Volker Weber on Lenovo Smart Clock Essential at 08:29
Stefan Niemeier on Lenovo Smart Clock Essential at 08:25
Volker Weber on Lenovo Smart Clock Essential at 21:51
David Guillaume on Lenovo Smart Clock Essential at 21:46
Richard Albury on No battery woes on Apple Watch 6 at 18:56
Stefan Pfeiffer on Apple Watch 6 :: Erste Eindrücke at 16:02
Eric Bredtmann on Leatherman Free T4 :: Das hat sich bewährt at 19:53
Volker Weber on Leatherman Free T4 :: Das hat sich bewährt at 19:36
Volker Weber on No battery woes on Apple Watch 6 at 19:25
Dominique Roller on Leatherman Free T4 :: Das hat sich bewährt at 17:03
Bernd Hofmann on No battery woes on Apple Watch 6 at 16:33
Jan Van Puyvelde on Lenovo Yoga Slim 7 i7/16/1000 :: Erste Eindrücke at 14:30
Volker Weber on Lenovo Yoga Slim 7 i7/16/1000 :: Erste Eindrücke at 13:37
Volker Weber on No battery woes on Apple Watch 6 at 13:34
Dominique Roller on No battery woes on Apple Watch 6 at 13:31
michael rother on Lenovo Yoga Slim 7 i7/16/1000 :: Erste Eindrücke at 06:40
Jan Van Puyvelde on Lenovo Yoga Slim 7 i7/16/1000 :: Erste Eindrücke at 02:22
Volker Weber on Der Solo Loop ist toll at 15:04
Manfred Wiktorin on Der Solo Loop ist toll at 13:32
Bernd Hofmann on Apple Watch 6 :: Erste Eindrücke at 12:11
Volker Weber on Apple Watch 6 :: Erste Eindrücke at 10:06
Sascha Westphal on Apple Watch 6 :: Erste Eindrücke at 08:30
Valentin Woelm on Apple Watch 6 :: Erste Eindrücke at 23:26
Jochen Kattoll on Scanning websites with Blacklight at 22:54

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 12:37

visitors.gif

Paypal vowe