Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Privacy

Undisclosed WhatsApp Vulnerability Lets Governments See Who You Message (theintercept.com) 38

WhatsApp's security team warned that despite the app's encryption, users are vulnerable to government surveillance through traffic analysis, according to an internal threat assessment obtained by The Intercept. The document suggests that governments can monitor when and where encrypted communications occur, potentially allowing powerful inferences about who is conversing with whom. The report adds: Even though the contents of WhatsApp communications are unreadable, the assessment shows how governments can use their access to internet infrastructure to monitor when and where encrypted communications are occurring, like observing a mail carrier ferrying a sealed envelope. This view into national internet traffic is enough to make powerful inferences about which individuals are conversing with each other, even if the subjects of their conversations remain a mystery. "Even assuming WhatsApp's encryption is unbreakable," the assessment reads, "ongoing 'collect and correlate' attacks would still break our intended privacy model."

The WhatsApp threat assessment does not describe specific instances in which it knows this method has been deployed by state actors. But it cites extensive reporting by the New York Times and Amnesty International showing how countries around the world spy on dissident encrypted chat app usage, including WhatsApp, using the very same techniques. As war has grown increasingly computerized, metadata -- information about the who, when, and where of conversations -- has come to hold immense value to intelligence, military, and police agencies around the world. "We kill people based on metadata," former National Security Agency chief Michael Hayden once infamously quipped.
Meta said "WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works." Though the assessment describes the "vulnerabilities" as "ongoing," and specifically mentions WhatsApp 17 times, a Meta spokesperson said the document is "not a reflection of a vulnerability in WhatsApp," only "theoretical," and not unique to WhatsApp.
This discussion has been archived. No new comments can be posted.

Undisclosed WhatsApp Vulnerability Lets Governments See Who You Message

Comments Filter:
  • by Seven Spirals ( 4924941 ) on Wednesday May 22, 2024 @01:46PM (#64491427)
    They sure hate Whatsapp and Signal. I don't use Whatsapp but all the government hate is starting to convince me. Been using Signal for a while, now. I prefer it over standard SMS since it's got higher data limits.
    • by CAIMLAS ( 41445 )

      It's pretty much out in the open at this point that WhatsApp is being actively monitored by gov't agencies in the US, and Signal was largely funded/started by the CIA.

      Nothing you do is really safe. Them attacking or discrediting these apps is just a smokescreen to help provide them with legitimacy.

      • by Anonymous Coward

        Nothing you do is really private.

        Fixed that for you.

        If you care about privacy, to begin with, you shouldn't be using closed source apps. https://jami.net/ [jami.net] Open source, E2EE, P2P privacy.

  • by Xyrx ( 109960 ) on Wednesday May 22, 2024 @01:57PM (#64491443)

    This is a lack of understanding of what end-to-end encryption is and is not.

    • This is a lack of understanding of what end-to-end encryption is and is not.

      An analogy might be that a satellite can see cars on the road, and track their travel, and perhaps determine whose cars they are, but can't see who and what are in the cars -- unless it's a convertible with the top down. :-)

      • by unrtst ( 777550 )

        Another analogy would be the one in TFS:

        like observing a mail carrier ferrying a sealed envelope.

        Sender and Recipient can be known. Contents are encrypted. Same for encrypted email, and same for HTTPS traffic to your bank or wherever.

        WhatsApp and Signal are not anonymous communication tools, and I wouldn't want them to be. I want the sender to be authenticated as being the same entity I originally trusted.

        IMO, this is mostly scaremongering to keep the plebs from making the jump to using WhatsApp and Signal as their primary messaging platform. When that happens, t

  • Backdoor (Score:2, Insightful)

    For most users on this site, this isn't our first rodeo. We've been around since Room 641A was as schizo rumor. It's painfully obvious that any popular Internet service in the US is fully backdoored.

    • by ljw1004 ( 764174 )

      It's painfully obvious that any popular Internet service in the US is fully backdoored.

      ?? This article (and the summary) make clear that this is not about backdoors, but rather about traffic analysis?

      • It's more of a general statement that it doesn't matter, because it's already backdoored, same as any popular messaging app

        • It's not, and it can't be.

          This article stems from a lack of understanding of what end-to-end encryption is.
          The messages are quite unreadable.
          It would always have been possible to derive the recipient of the message, even encrypted, by simply watching it ingress and egress the server that routes it.
          This article is about that.... fact. Only they're calling it a vulnerability.
          • Regarding my claim about backdoors:

            1. The NSA backdoors encryption algorithms. A publicly known historical example is Dual_EC_DRBG, which made its way into Windows Vista. Snowden's leaks showed that the NSA paid RSA to include it (and I'm sure that was accompanied by a gag order). Do you think this kind of thing magically stopped? Why?

            2. WhatsApp and other popular chat apps are closed source

            3. E2E encryption relies on a secure implementation for the encryption to not be vulnerable. Do you think popular clos

            • 1. The NSA backdoors encryption algorithms. A publicly known historical example is Dual_EC_DRBG, which made its way into Windows Vista. Snowden's leaks showed that the NSA paid RSA to include it (and I'm sure that was accompanied by a gag order). Do you think this kind of thing magically stopped? Why?

              Dual_EC_DRBG is not an encryption algorithm.
              It's a PRNG.
              The alleged "backdoor" is a weakness in the entropy of the PRNG.
              1) There is no proof that this backdoor exists, and nobody has been able to derive it or find it- i.e., nobody has been able to recover the seed of the PRNG based on a round of encryption. And they've been trying. For years.
              2) That PRNG had well known weaknesses before it was even standardized, and was never widely used for that reason.
              "Made its way into Windows Vista" is bullshit.
              It

              • 1. It's an algorithm used in encryption

                2. No proof? Did you search at all? https://web.archive.org/web/20... [archive.org]

                >The Times story implies that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world.

                But yeah, I'm sure this was an isolated incident and there's no reason to believe this has been happening, and continues to happen.

                I

                • 1. It's an algorithm used in encryption

                  It's a random number generator. You are correct that RNGs are used in encryption.
                  It is very true that predictable random numbers do indeed weaken encryption (in particular, it makes keys guessable)
                  It is an important distinction that it's an RNG, because even knowing the RNG state does *not* give you the key.
                  It is *not* an encryption protocol.

                  2. No proof? Did you search at all? https://web.archive.org/web/20 [archive.org]... [archive.org]

                  Of course, I'm well aware of the reporting on the issue.
                  Re-read that.
                  All there are, are claims.
                  There's precisely no evidence of such a backdoor. There still isn't

                  • And the final note on CVE-2015-7756:
                    It wasn't used by default, because Junipers use OpenSSL.
                    I.e., calling it a vulnerability is eye-rolling.
                    The fix for CVE-2015-7756 was removing it, even though through the lifetime of every Juniper every shipped with that PRNG in its OpenSSL library, it was executed exactly zero times.
                    It was a technical cryptographic weakness, not something that was ever exploited, or was ever shown that an exploit existed for. It was just known to be weak. The NSA also knew it was we
                  • 1. You're disagreeing with security experts on whether it's a vulnerability or not. I don't know what you're trying to prove but you won't prove it here. It was also obviously worth the NSA's time to backdoor. Do you think those multiple programs each with budges in the hundreds of millions are, what, to contribute honestly to open source programs to help their volunteer contributors?

                    Your dissenting opinion about whether these are security vulnerabilities is irrelevant. You're no security expert

                    >All ther

                    • Your dissenting opinion about whether these are security vulnerabilities is irrelevant. You're no security expert

                      Actually, I literally am.
                      I have multiple CVEs with my name attached to them, and was invited to speak at Def Con 14 for a company in Miami back in 2006.
                      It's not my primary profession, but it is something that has earned my some major notoriety, and a small fortune in donations for my work.

                      Uh-huh. They're claims with evidence that implies things. Things that allow you to reach conclusions. I find it odd that you'd choose to interpret the word "implies" in such a way that you'd cast no guilt whatosever on the organize whose purview is to literally do the thing they were accused of doing there.

                      There is precisely zero evidence. Stop lying.

                      Okay so?

                      Conspiracy theories are hypotheses held by people who don't need small inconveniences like evidence.
                      That's you. So what? It means your opinion is less than fucking useless.

                      Not really, no.

                      Yo

                    • s/is in/is not in/;
            • So if you're making a claim, usually the next step is to back that claim with specific evidence that supports the claim.

              You're claiming, with zero evidence whatsoever, that Whatsapp is "backdoored" because of a single known backdoored encryption algorithm from like 17 years ago. It's hand-wavey bullshit that you're using to try to not have to admit that you're wrong and didn't even read the summary.

              There is no known or disclosed backdoor.

              There is no known or disclosed "exploit" that won't work on literally

              • by Bongo ( 13261 )

                On a technical level, I'm sure you're correct, but I'm not so sure about the social and political aspects.

                We know for a fact, pretty much, that Western leaders were deliberately lying to their own people. For example, Tony Blair telling the nation that Saddam Hussein could launch weapons of mass destruction in 45 minutes, and on the basis of all that, you would think, with all the backing and knowledge, knowledge and insight of Western intelligence agencies, somehow backing him up, or certainly not question

                • Your logic is fundamentally broken.

                  That they would want to circumvent such a thing, and would be happy to lie about it is spot on.
                  However, extending that to, since they'd want to do a thing, they will find a way to do it, is entirely non-sequitur.
                  The Government would love to do lots of things that simply are not possible.

                  Encryption protocols are solid defenses against things the government would like to do.
                  The weaknesses can be mathematically proven, regardless of who was involved in the standardizat
    • It's also painfully obvious that you don't actually know what you're talking about.

      Whatsapp is helpfully reminding people that just because the payload is encrypted, it doesn't mean that there cannot be data derived about the source and destination while it travels through the network. You know, just like a phone call record subpoena'd from the telephone company can show who you called, but not who answered or what was discussed.

  • Timing attack (Score:5, Informative)

    by serafean ( 4896143 ) on Wednesday May 22, 2024 @02:13PM (#64491487)

    At first read, I thought that like in XMPP, some metadata wasn't e2e encrypted (such as the "TO" field). But no: this appears to essentially be a traffic analysis timing attack...

    The adversary (govt) has complete control over the network, and sees a message going from endpoint A over the network to Whatsapp servers. Then sees a message of similar (same?) size going from WhatsApp servers to a random endpoint B, and infer that A and B communicate together.

    I'm not really sure you can mitigate that without massive consequences for the users (delays or increased decoy traffic). A VPN could get one out of the monitored network, but that's a giant leap of faith.

    • The article mentions these exact two methods and possible solutions, stating that the solutions will decrease performance and slow things down for every WhatsApp user.

      One appeal of instant messaging is the "instant" part, which is what allows easy correlation by timing analysis. Adding decoy data will increase data traffic and cost. If a specific user turns on such features (delay, decoy), that in itself could make him a target.

      It seems to me that communication would be safer via a plain old https we
      • by unrtst ( 777550 )

        It seems to me that communication would be safer via a plain old https website...

        Curious... what does this solve?

        AFAICT, that's pretty much the same thing WhatsApp and Signal already do. The contents of your message are end-to-end encrypted. The communication from you to the server is encrypted between you and the server (very much like HTTPS). The communication from the server to the recipient is encrypted as well, also like HTTPS.

    • by dgatwood ( 11270 )

      At first read, I thought that like in XMPP, some metadata wasn't e2e encrypted (such as the "TO" field). But no: this appears to essentially be a traffic analysis timing attack...

      The adversary (govt) has complete control over the network, and sees a message going from endpoint A over the network to Whatsapp servers. Then sees a message of similar (same?) size going from WhatsApp servers to a random endpoint B, and infer that A and B communicate together.

      I'm not really sure you can mitigate that without massive consequences for the users (delays or increased decoy traffic). A VPN could get one out of the monitored network, but that's a giant leap of faith.

      Step 1: Pad all small packets to the 99th percentile packet size. If the majority of your traffic is the same size or a small number of sizes, an adversary can't use the size of the chunks to reduce the comparison space meaningfully.

      Step 2: Send out one packet to the client once per second, no matter what.

      Step 3: Defer packets sent out to the client until the next one-second boundary.

      You have now completely thwarted timing analysis. Do this by default for all connections. No one will notice the average 0

      • > Pad all small packets to the 99th percentile packet size

        Please no, this only makes the issue worse: tracking the 1% of bigger packets on the network increases the confidence of a good correlation of parties.
        You'd need to only send packets of the same size, and reconstruct bigger messages on the device, or not allow bigger messages.

        > unless the government is monitoring two specific people to see if they are communicating.

        That's exactly what they're doing, at scale: monitoring specifically everybody.

  • by YuppieScum ( 1096 ) on Wednesday May 22, 2024 @02:14PM (#64491493) Journal

    ...but the address is written on the outside.

    The message might be end-to-end encrypted, but the destination must be visible to the WhatsApp servers, and so to the Facebook/Meta data mining and advertising behemoth.

    • This is actually untrue.
      This is why we have asymmetric encryption.
      Address is encrypted by sender with a key that only Meta can decrypt. They then decrypt, and forward.

      This isn't about that- this is about them figuring out what's going by analyzing the messages at ingress and egress and "estimating what matches to what"
      It can be mitigated against, but it will require active countermeasures on the part of the clients, and Metas server to securely agree on random padding to add and remove the the messages
  • by EkriirkE ( 1075937 ) on Wednesday May 22, 2024 @02:18PM (#64491503) Homepage
    Only now that it's been revealed, we will call it a "vulnerability"
  • ...feature.
  • The same problem was identified years ago when encrypted email first started being used. The solution for that was chaining remailers that forward messages out of order. It adds a delay, but for email or text messages that is a minor concern. Each remailer only knows who it received a message from and who it sent a message to. No remailer knows both. Whatsapp could easily add auch a feature by having servers chain the messages through multiple countries. See https://en.wikipedia.org/wiki/... [wikipedia.org]

    • by unrtst ( 777550 )

      ... or host the service on Tor and route it over the onion network? But that also adds significant lag.

  • Traffic analysis [wikipedia.org] is the process of intercepting and examining messages in order to deduce information from patterns in communication.”

I'd rather just believe that it's done by little elves running around.

Working...