UPDATE 2: WhatsApp has 'critical encryption backdoor', researcher claims

News by Tom Reeve

By triggering devices to reset keys, WhatsApp could hack its own end-to-end encryption, reading users' messages, a researcher claims, while others cry "FUD".

WhatsApp, famous for providing end-to-end encryption as standard in its messaging platform, is vulnerable to a backdoor hack that means WhatsApp could intercept messages between users, according to a security researcher.

The researcher warned that WhatsApp could then hand over the messages to governments on request.

But the claim has been greeted with scepticism by other security researchers.

WhatsApp, owned by Facebook, claims that end-to-end encryption, built on the Signal protocol developed by Open Whisper Systems, means that even the company itself can't read users' messages.

However, security researcher Tobias Boelter, who specialises in cryptography at the University of California, Berkeley, said this isn't true. According to him, WhatsApp can make a device generate new encryption keys, which as the service provider it could then intercept, and then trigger it to re-send any unsent messages.

Boelter told The Guardian: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”

This information is never communicated to the recipient and the sender will only be told if he has opted in to encryption warnings in settings – and then only after the message has been sent.

Human rights groups were quick to warn that this puts dissidents around the world in jeopardy because many of them rely on WhatsApp for secure communications.

Boelter warns that WhatsApp could deliberately manipulate the system to gain a transcript of both sides of a conversation without either user being aware of it.

The Signal protocol itself has been judged to be secure, and the Signal secure messaging app developed by Open Whisper Systems doesn't have this vulnerability. The International Association for Cryptologic Research (IACR) released a paper in November detailing a formal security audit it conducted of the Signal source code which found no discernible flaws in the architecture or implementation.

The vulnerability appears to have to do with how WhatsApp has implemented the protocol – and rather than being a bug, one might describe it as a feature.

In fact, a company spokesperson explained that it's been put there for user convenience: it ensures that messages will be sent even if users change devices or install new SIMs in a mobile device.

The spokesperson said: “In WhatsApp's implementation of the Signal protocol, we have a ‘Show Security Notifications' setting that notifies you when a contact's security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and sim cards. In these situations, we want to make sure people's messages are delivered, not lost in transit.”

Security experts have called FUD on the idea that this is an encryption backdoor, saying that it's more of a bug, albeit a big one.

Frederic Jacobs, a cryptographer whose profile says he used to work on Signal for Open Whisper Systems, wrote that there was nothing new in this vulnerability.

Security researcher “Slashcrypto” wrote in a blog post today that the “WhatsApp backdoor” is not a backdoor at all because it won't work if both users verify the fingerprints of the exchanged keys.

This is where it gets messy because, as he concedes, WhatsApp still sends the message if the keys change – it just notifies the user after the fact.

Also, according to research led by Svenja Schroder at the University of Vienna, fingerprint verification is too complex for the majority of users.

And Slashcrypto concludes: “When a provider says that they use end-to-end encryption and they have ‘no way of reading messages', this is definitely wrong! A provider always has the ability to intercept messages as long as the user does not verify fingerprints. With WhatsApp, it is even harder to make sure [that] no MitM takes or took place.

“WhatsApp is closed source, so who can tell, [especially] if WhatsApp just displays wrong identity keys and lets the user think that everything is perfectly OK?”
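The sender-side behaviour at issue, modelled as an added example (not WhatsApp or Signal code, and not from the article): a client that re-sends undelivered messages under a changed key and warns afterwards, beside one that holds them until the fingerprint is verified. The `Sender` class, the two policy names, the `block_until_verified` behaviour and the keys are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    """Short digest standing in for the 'security code' users compare."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class Sender:
    policy: str                       # "notify_after" or "block_until_verified"
    show_notifications: bool = False  # models the opt-in warning setting
    trusted: dict = field(default_factory=dict)   # contact -> fingerprint
    pending: list = field(default_factory=list)   # (contact, text) not yet delivered
    sent: list = field(default_factory=list)      # (contact, fingerprint, text)
    warnings: list = field(default_factory=list)

    def flush(self, contact: str, advertised_key: bytes) -> None:
        """Try to deliver pending messages under the key the server advertises."""
        fp = fingerprint(advertised_key)
        known = self.trusted.get(contact)
        changed = known is not None and known != fp
        if changed and self.policy == "block_until_verified":
            self.warnings.append(f"{contact}: key changed, sending paused")
            return                    # nothing leaves until the user verifies
        self.trusted[contact] = fp    # first use, or silent acceptance of the change
        for item in [p for p in self.pending if p[0] == contact]:
            self.pending.remove(item)
            self.sent.append((contact, fp, item[1]))
        if changed and self.show_notifications:
            self.warnings.append(f"{contact}: key changed (shown after sending)")

    def verify(self, contact: str, key_checked_in_person: bytes) -> None:
        """User compared fingerprints out of band and accepts this key."""
        self.trusted[contact] = fingerprint(key_checked_in_person)

def simulate(policy: str, show_notifications: bool):
    """Constructed scenario: one message is still undelivered when the key changes."""
    old_key, new_key = b"constructed-key-A", b"constructed-key-B"
    s = Sender(policy, show_notifications)
    s.pending.append(("bob", "hello"))
    s.flush("bob", old_key)                    # delivered under the first key
    s.pending.append(("bob", "meet at noon"))  # queued while the contact is offline
    s.flush("bob", new_key)                    # server now advertises another key
    went_out_unverified = any(fp == fingerprint(new_key) for _, fp, _ in s.sent)
    return went_out_unverified, len(s.pending), s.warnings

if __name__ == "__main__":
    for args in [("notify_after", False), ("notify_after", True),
                 ("block_until_verified", True)]:
        print(args, simulate(*args))
```

With `notify_after`, the queued message goes out under the unverified key whether or not the warning setting is on; the setting only decides whether the user hears about it afterwards.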

David Gibson, VP of strategy and market development at Varonis, said, “Even with applications like WhatsApp that claim no one can snoop on their users' communications many open themselves up to vulnerabilities through inadvertent or purpose-built backdoors. Constant vigilance is the name of the game for consumers and for brands like Facebook to protect the best interests of their customers.”

Alan Duric, co-founder and CTO at Wire, said that if WhatsApp had been open source, the vulnerability would have been discovered sooner. “Services wanting to ensure that a security issue like this doesn't take eight months to discover – and disclose – could consider open sourcing their code to allow for more scrutiny.”

Dr. Jamie Graves, CEO at ZoneFox, commented, “While a lot of the focus of this latest revelation will be on the personal implications for billions of WhatsApp users, businesses should also be extremely concerned.

“In today's world, many work related topics – often highly sensitive and at the highest levels – are shared on the platform. It now appears there has been a host of information available to anyone with the know-how to get hold of it, we can only ponder as to whether any breaches have taken place and if they have what levels of sensitive data have been taken.

“Furthermore, the advent and soaring popularity of WhatsApp desktop now means millions of employees actually use the software on company devices, providing a potentially open gate to highly sensitive company servers and information.”

Neil Cook, chief security architect at Open-Xchange, said, “WhatsApp has already broken their promise not to share user data with Facebook, and now it seems that their promise of end-to-end encrypted messaging isn't quite as secure as everyone had hoped, particularly given the involvement of Open Whisper Systems.

“It's worth noting that this error in the encryption protocol is not present in Signal, so the team at WhatsApp have made the change intentionally. It's not clear at this stage if this was due to a desire to improve usability as WhatsApp seem to claim, or an intentional ‘backdoor' to appease government agencies (I lean towards the former point of view – we're all too familiar with usability features trumping security features). However, this is another example of having to take the security claims of proprietary software and service companies at face value, without easily being able to verify them.

“If the code base had been open-source then this behaviour would likely have come to light much sooner, probably almost immediately.”

Matthew Aldridge, solutions architect at Webroot, said, “The functionality is designed to create a seamless user experience for users who have connectivity issues or drop offline for a time during a conversation, but it has resulted in a situation where it could be used to intercept messages by WhatsApp. For those sending highly sensitive messages, or simply looking to avoid this, you should switch on the key change warnings in settings, and always check that the two ticks appear after sending messages in an active conversation.”

