Alleged backdoor discovered in WhatsApp could allow governments to read encrypted messages

William Gayde


An alleged backdoor in WhatsApp's end-to-end encryption protocol is said to have the power to allow Facebook or government agencies to listen in on unsuspecting users. WhatsApp has claimed that no one, not even Facebook staff, can access the messages of WhatsApp's more than one billion users.

The alleged backdoor was discovered by University of California, Berkeley security researcher Tobias Boelter. He described it in detail to The Guardian, explaining that it allows WhatsApp to intercept messages by forcing a new security key to be generated. For messages that have not been marked as delivered, WhatsApp can have them re-encrypted and re-sent using a new key that it knows and provides. If the recipient is offline, they are not made aware of this change in encryption, and the sender is only notified if they opt in to encryption warnings.

WhatsApp uses the Signal Protocol just like Open Whisper Systems' Signal Private Messenger. However, this underlying weakness is not inherent to the Signal protocol. If the key is changed in Signal, the messages will just fail to be delivered. WhatsApp instead automatically tries to resend the message with a new key without warning. Boelter said he reported this issue to Facebook back in April of 2016 but was told it was "expected behavior" and wasn't being worked on.

The vulnerability has been called a "gold mine for security agencies", a "huge betrayal of trust", and a "threat to freedom of speech" by other security experts. Others are framing it as a decision between user experience and security -- where WhatsApp chose the former due to its massive user base.

For those that are looking for secure communication above all, the best alternative is to use a dedicated app like Signal, as recommended by NSA whistle blower Edward Snowden.
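The difference between the two key-change policies described above can be modelled in a few lines. This is an added example, not part of the original article and not WhatsApp or Signal code; the `Sender` class, event names and key labels are hypothetical, and no real cryptography is performed.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Toy sender client: models the key-change policy only, no real crypto."""
    resend_on_key_change: bool        # True = behaviour the article attributes to WhatsApp
    show_key_warnings: bool = False   # the opt-in encryption warnings
    trusted_key: str = ""
    pending: list = field(default_factory=list)  # sent, not yet marked delivered
    events: list = field(default_factory=list)

    def send(self, text):
        self.pending.append(text)
        self.events.append(("encrypted_to", self.trusted_key, text))

    def mark_delivered(self, text):
        self.pending.remove(text)

    def on_recipient_key_change(self, new_key):
        """The server announces a new key for the recipient."""
        if not self.resend_on_key_change:
            # Blocking policy (Signal, per the article): delivery simply fails.
            for text in self.pending:
                self.events.append(("delivery_failed", new_key, text))
            return
        # Non-blocking policy: accept the key and retransmit automatically.
        self.trusted_key = new_key
        for text in self.pending:
            self.events.append(("encrypted_to", new_key, text))
        if self.show_key_warnings:
            # Notification happens only if the sender opted in.
            self.events.append(("warning_shown", new_key, None))

def exposed_to(sender, key):
    """Plaintexts that the sender encrypted to `key`."""
    return [t for kind, k, t in sender.events if kind == "encrypted_to" and k == key]

def run(resend, warnings):
    s = Sender(resend, warnings, trusted_key="KEY_RECIPIENT")  # constructed key labels
    s.send("msg-1")
    s.mark_delivered("msg-1")
    s.send("msg-2")                      # recipient offline: stays undelivered
    s.on_recipient_key_change("KEY_UNVERIFIED")
    return s

if __name__ == "__main__":
    for resend, warn in [(True, False), (True, True), (False, False)]:
        print(resend, warn, exposed_to(run(resend, warn), "KEY_UNVERIFIED"))
```

Only the undelivered message is affected in the non-blocking case; the delivered one is never re-encrypted, which matches the article's point that the behaviour applies to messages not yet marked as delivered.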


 
Oh finally I get to see those nudes my sisters been sending, now I think about it I can actually look at all my teachers pics on whatsapp :DDDDD
 
Did you really expect anything less from this spy program? If you want real encryption buy an encrypted phone and forget the rest. This was typed on my secure Windows 3.1 operating system.
 
Use this mind set. If you don't want the entire world to know what you're writing/sending. Then don't write/send it. Nothing is totally secure.
 
Oh, he is welcome to read my messages, and kiss my a** at the same time .... if he's capable of dual tasking .....
 
Can anyone recommend a non-giant (Facebook, Google, etc.) owned messaging app that works between iOS and Android that doesn't suck?
 
For those that are looking for secure communication above all, the best alternative is to use a dedicated app like Signal, as recommended by NSA whistle blower Edward Snowden

Can we please stop calling him a whistle blower. He isn't protected from whistle blowing laws for a few reasons. The biggest being 98% of the stuff he stole wasn't about government surveillance it was just a huge pile of very important secrets . It's all in the newly unclassified intelligence report... http://intelligence.house.gov/uploadedfiles/hpsci_snowden_review_declassified.pdf

(I can't copy and paste from that doc - cause it's a PDF, but just read the bottom paragraph of page 2.)

I know the skeptics will say 'But that's what they WANT you to believe...' And that's true - they want you to believe the truth. Snowden said he may have accidentally 'touched' over a million documents that had nothing to do with Prism or wiretapping - yet the software that logs whether files are copied shows that he stole all that stuff. And then brought it to Russia.
 
Can anyone recommend a non-giant (Facebook, Google, etc.) owned messaging app that works between iOS and Android that doesn't suck?
Would depend on how you define suck. Since it is different for everyone, I would say Facebook messenger is easily the best of all the dozen or so I have ever tried/been on.
 
For those that are looking for secure communication above all, the best alternative is to use a dedicated app like Signal, as recommended by NSA whistle blower Edward Snowden

Can we please stop calling him a whistle blower. He isn't protected from whistle blowing laws for a few reasons. The biggest being 98% of the stuff he stole wasn't about government surveillance it was just a huge pile of very important secrets . It's all in the newly unclassified intelligence report... http://intelligence.house.gov/uploadedfiles/hpsci_snowden_review_declassified.pdf

(I can't copy and paste from that doc - cause it's a PDF, but just read the bottom paragraph of page 2.)

I know the skeptics will say 'But that's what they WANT you to believe...' And that's true - they want you to believe the truth. Snowden said he may have accidentally 'touched' over a million documents that had nothing to do with Prism or wiretapping - yet the software that logs whether files are copied shows that he stole all that stuff. And then brought it to Russia.
Just because he isn't protected by the laws doesn't mean he's not a whistle blower. What kind of logic is that? I can't even...

Also, he gave all his stuff to journalists, so they could choose what was responsible to release.

He told the world about important invasions of privacy, of the huge overreach of the us government and thus also helped highlight american hypocrisy(since it's easy for republicans to blame china or russia for hacking or spying for instance, while not mentioning what we're doing).

He also didn't go to Russia first anyway and even if he did, so what. It's a statement about how poor the US espionage act laws are, if a man has got to hole up in Russia for fear of not being treated fairly. He's a hero and a whistle blower.
 
For those that are looking for secure communication above all, the best alternative is to use a dedicated app like Signal, as recommended by NSA whistle blower Edward Snowden

Can we please stop calling him a whistle blower. He isn't protected from whistle blowing laws for a few reasons. The biggest being 98% of the stuff he stole wasn't about government surveillance it was just a huge pile of very important secrets . It's all in the newly unclassified intelligence report... http://intelligence.house.gov/uploadedfiles/hpsci_snowden_review_declassified.pdf

(I can't copy and paste from that doc - cause it's a PDF, but just read the bottom paragraph of page 2.)

I know the skeptics will say 'But that's what they WANT you to believe...' And that's true - they want you to believe the truth. Snowden said he may have accidentally 'touched' over a million documents that had nothing to do with Prism or wiretapping - yet the software that logs whether files are copied shows that he stole all that stuff. And then brought it to Russia.
Just because he isn't protected by the laws doesn't mean he's not a whistle blower. What kind of logic is that? I can't even...

Also, he gave all his stuff to journalists, so they could choose what was responsible to release.

He told the world about important invasions of privacy, of the huge overreach of the us government and thus also helped highlight american hypocrisy(since it's easy for republicans to blame china or russia for hacking or spying for instance, while not mentioning what we're doing).

He also didn't go to Russia first anyway and even if he did, so what. It's a statement about how poor the US espionage act laws are, if a man has got to hole up in Russia for fear of not being treated fairly. He's a hero and a whistle blower.

He is far from being the victim though, Mike is right. If he actually just released the Prism stuff I could have been on his side. He admitted he didn't look at everything he removed from the NSA. Also please don't tell me you believe Russia practically invited him to stay with them and gave him a house etc. for nothing!
 
He is far from being the victim though, Mike is right. If he actually just released the Prism stuff I could have been on his side. He admitted he didn't look at everything he removed from the NSA. Also please don't tell me you believe Russia practically invited him to stay with them and gave him a house etc. for nothing!
The Prism stuff is not enough, when there's so many other programs. Seriously, you guys do like shooting yourselves in the foot don't you? And you refuse to believe russia can do anything nice? That's a fail IMO. Such suspicion. It's a huge political win for russia on its own - that's getting something, no?
 
The Prism stuff is not enough, when there's so many other programs. Seriously, you guys do like shooting yourselves in the foot don't you? And you refuse to believe russia can do anything nice? That's a fail IMO. Such suspicion. It's a huge political win for russia on its own - that's getting something, no?
My problem with Russia is that it is being run by someone who is addicted to power and people like that only do something if it will benefit them.

Also interesting you side with Russia when Russia tightly controls and influences the media and other communications to suit its current policy.
 
My problem with Russia is that it is being run by someone who is addicted to power and people like that only do something if it will benefit them.

Also interesting you side with Russia when Russia tightly controls and influences the media and other communications to suit its current policy.
Yea and as I'm pointing out (or trying to lol), that's a hypocritical stance to take, given that the us does the same thing as Putin/Russia. If not more and/or worse things. It could be he/they are addicted to power, but are you saying the Us is not?

US media is just as horrible as Russian media. The MSM is not free, just because it's not located in russia. I could say the same to you - interesting you side with the us, when it has a record of international spying, hacking, illegal invasions and arming of terrorist groups. So it's just a bit lame to say man, no offence.
 
Yea and as I'm pointing out (or trying to lol), that's a hypocritical stance to take, given that the us does the same thing as Putin/Russia. If not more and/or worse things. It could be he/they are addicted to power, but are you saying the Us is not?

US media is just as horrible as Russian media. The MSM is not free, just because it's not located in russia. I could say the same to you - interesting you side with the us, when it has a record of international spying, hacking, illegal invasions and arming of terrorist groups. So it's just a bit lame to say man, no offence.
Every major power throughout human history has taken part in spying, illegal invasion, etc. Recent events such as Trump coming to power & Britain leaving the EU show that it is possible to change direction & leaders (even if it's rare) - try getting Putin out of his position democratically.
US & western media doesn't bow to the political elite IMO, and what isn't aired by the mainstream media is generally aired by smaller internet based news outlets and then gains traction.
Anyway we digress and at the end of the day we are unlikely to ever agree.
 
Every major power throughout human history has taken part in spying, illegal invasion, etc. Recent events such as Trump coming to power & Britain leaving the EU show that it is possible to change direction & leaders (even if it's rare) - try getting Putin out of his position democratically.
US & western media doesn't bow to the political elite IMO, and what isn't aired by the mainstream media is generally aired by smaller internet based news outlets and then gains traction.
Anyway we digress and at the end of the day we are unlikely to ever agree.
If every major power has done it, why bother to make it a problem if and when Russia is doing it? Seems like a cop out. Not that I disagree that many tend to do it.

Western media is owned by the elite - surely you see and accept that as fact. It's just censorship by omission. Why else all the hostility towards China/Russia/Iran etc.? Because the MSM never tells people the story of the other side. It's just "Russia did this", "Iran is a threat because of that" and so on. And you also know that the smaller internet based outlets don't get even half as much coverage or reach.
 
How much did Facebook buy WhatsApp for?

Is anyone surprised that the company that makes money by selling user information has a backdoor in their 'encrypted' messaging service? The panic about unencrypted messengers came about just after Facebook made their purchase, and Facebook knew from the start that they could link Facebook profiles to WhatsApp profiles, would they really de-monetize one of their biggest investments right after buying it? Not a chance.

Telegram may not be Ft. Knox because they rolled their own encryption, but at least the holes remain theoretical ones and not demonstrated ones - and who uses Signal, aside from computer security researchers?
 
Can anyone recommend a non-giant (Facebook, Google, etc.) owned messaging app that works between iOS and Android that doesn't suck?
Signal?

I like Telegram messenger. Works on iOS, Android, Windows, and macOS/OSX, and unlike Signal, it actually has a user base.

Just be aware that they made their own encryption by baking together two older encryption methods, each one covering the weaknesses of the other. There has been a white paper written on how one would theoretically defeat Telegram's encryption, but no one has managed to get it to work in practice just yet.
 
Every major power throughout human history has taken part in spying, illegal invasion, etc. Recent events such as Trump coming to power & Britain leaving the EU show that it is possible to change direction & leaders (even if it's rare) - try getting Putin out of his position democratically.
US & western media doesn't bow to the political elite IMO, and what isn't aired by the mainstream media is generally aired by smaller internet based news outlets and then gains traction.
Anyway we digress and at the end of the day we are unlikely to ever agree.
If every major power has done it, why bother to make it a problem if and when Russia is doing it? Seems like a cop out. Not that I disagree that many tend to do it.

Western media is owned by the elite - surely you see and accept that as fact. It's just censorship by omission. Why else all the hostility towards China/Russia/Iran etc.? Because the MSM never tells people the story of the other side. It's just "Russia did this", "Iran is a threat because of that" and so on. And you also know that the smaller internet based outlets don't get even half as much coverage or reach.
If any government does it, they should be called out on it. This includes the US and Russia and all others that have been doing so over the ages. It's tyranny as I see it, and that is why Snowden did what he did. It is wrong when done to any nation's people because it is oppressive, and no matter what nation, they should be called out on it.

Media sources have to pick what they run. Both ends of the spectrum cherry pick to their own ends. Somewhere within the cherry-picking is the truth. IMO, it is unfortunate that things have become as they are, however, when we start blowing things off as fake news, we blind ourselves to any modicum of truth that may be contained in the cherry-picked stories. If you ask me, it is entirely possible that anyone blowing off a story as fake news is doing so because the modicum of truth contained within reveals the inconvenient.
 