
WhatsApp 'Backdoor'

WhatsApp messages: Safety of encryption still under question

WhatsApp message encryption is still under question. Users of this popular service enjoyed it because of its privacy, yet their messages can still be read by prying eyes.

Remember the uproar over the privacy issue in the San Bernardino shooting? iPhones had additional safety features built into the phone to avoid someone seeing incriminating evidence. Yet, the FBI found its way around the First Amendment and everyone’s right to privacy, including the dead terrorists’. This blogger still has her phone coded around her family just in case someone gets too nosey.

Once again, the media might be the catalyst for giving people the wrong idea concerning the safety of chatting on WhatsApp. Being able to read messages through a back door led users to most other chat services, which aren’t encrypted or as safe. Sometimes it makes this blogger wonder why the media allowed for such stupid scare tactics to occur.

My biggest concern is whether my Gmail and Yahoo email accounts were safe. Because the app had been compromised at Yahoo for the second time, my password is coded, preventing a breach. In times of war, nothing is absolute, not even the right to privacy. In the case of the San Bernardino shooting, the FBI showed just cause in retrieving the data in the iPhone as evidence of a terrorist attack and maintained the proper warrant.

The concern over WhatsApp encrypted messages has merit. This didn’t sound so dumb to a lot of people. According to Chris Mills’s January 13 blog post, end-to-end encryption relies on both users having two parts of a secure key, used to encrypt and then decrypt the message. But to make sure that messages are always sent, even when the recipient is offline, WhatsApp appears to have compromised that system. According to The Guardian, “WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.”

Here’s how the WhatsApp feature worked, according to Chris Smith’s January 17 blog post:

  • When a message is sent but not delivered to the recipient (you see a single tick on your sent message), WhatsApp servers will hold onto the message until it can be delivered, regardless of what happens to the receiving account.
  • If a person — let’s call him Jay — loses a smartphone, buys a new one, or changes SIMs, but wants to keep using the same WhatsApp account, the application will warn all Jay’s contacts that their friend has changed devices, and an in-person security check might be required to verify his identity.

Now, here’s where the backdoor ‘feature’ steps in. The messages sent by all of Jay’s friends via WhatsApp will still arrive — that’s when his friends will see two ticks under their sent messages, marking the fact that the messages have been sent.

Boelter explains that all the government has to do to spy on a specific friend of Jay’s — let’s call him Silent Bob — is to mimic Jay’s phone using sophisticated equipment or by accessing WhatsApp’s servers. The government would then prevent the server from sending confirmation ticks to Silent Bob that his messages have been sent to Jay.

Jay, meanwhile, will not receive those messages, as they’re sent to the government’s devices. But Jay might soon realize that something is wrong with his WhatsApp app.

The gist is that Silent Bob will continue to send out messages to his friend, thinking that Jay has not seen the messages. The government would then collect that data.

In Tobias Boelter’s January 17 blog post, he stated that Facebook’s failure to acknowledge this flaw is a major concern because it allowed hackers to use this vulnerability. The collection of data would’ve been a violation of users’ First Amendment right to privacy and free speech. Facebook and WhatsApp would have to keep all messages sent to an account that’s activated on a new device and prompt the senders to send them again if they want to do it, even if it’s a hassle for the user who sent those messages. In this case, Silent Bob’s messages that are in transit would need confirmation to be sent again to Jay.
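The difference between the two behaviours can be modelled in a few lines. This is an added example, not code from WhatsApp or from any of the cited posts: keys are constructed strings with no real cryptography, and the `Sender` class, its `blocking` flag and the key names are hypothetical. It contrasts automatic re-sending of undelivered messages after a key change with the confirm-before-resend behaviour described above.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Toy sending client (Silent Bob). Keys are constructed strings, not real crypto."""
    trusted_key: str                                   # recipient key the sender last accepted
    blocking: bool                                     # True: hold messages until user confirms
    undelivered: list = field(default_factory=list)    # single tick: sent, not yet delivered
    held: list = field(default_factory=list)           # waiting for the user's decision
    candidate_key: str = ""                            # new key announced but not yet trusted

    def send(self, text):
        self.undelivered.append(text)
        return [(self.trusted_key, text)]              # envelope = (key encrypted to, text)

    def on_key_change(self, new_key):
        """Server announces a new recipient key; return what is re-sent automatically."""
        if self.blocking:
            self.candidate_key = new_key
            self.held, self.undelivered = self.undelivered, []
            return []                                  # nothing leaves without confirmation
        self.trusted_key = new_key                     # silently accepted
        return [(new_key, t) for t in self.undelivered]

    def confirm(self, verified_key):
        """User checked the key with the recipient; release held messages only on a match."""
        if not self.held or verified_key != self.candidate_key:
            return []
        self.trusted_key = verified_key
        self.undelivered, self.held = self.held, []
        return [(verified_key, t) for t in self.undelivered]

def readable_by(envelopes, key):
    """Texts that the holder of `key` could decrypt."""
    return [text for k, text in envelopes if k == key]

def scenario(blocking):
    """Two undelivered messages, then a key the sender never verified is announced."""
    bob = Sender(trusted_key="JAY-KEY-1", blocking=blocking)
    bob.send("meet at 5")
    bob.send("bring the files")
    resent = bob.on_key_change("UNVERIFIED-KEY-2")
    return readable_by(resent, "UNVERIFIED-KEY-2"), bob

if __name__ == "__main__":
    print("auto re-send:", scenario(blocking=False)[0])
    print("blocking    :", scenario(blocking=True)[0])
```

With `blocking=True`, the undelivered messages stay on the sender's device until the user has checked the new key with the recipient.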

Even though this made encrypted messages safe, it isn’t totally safe from hackers or unethical government people. Tobias Boelter showed this.

 

Sources:

Feelings Tobias Boelter’s Blog, January 17, 2017

WhatsApp vulnerability: Encryption backdoor or convenience feature?, Chris Smith, January 17, 2017

Whatsapp bug allows viewing of encrypted messages, Chris Mills, January 13, 2017
