This article is from the source 'guardian' and was first published or seen
on .
It last changed over 40 days ago and won't be checked again for changes.
WhatsApp vulnerability allows snooping on encrypted messages
WhatsApp design feature means some encrypted messages could be read by third party
(5 months later)
A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service.
A design feature that could potentially allow some encrypted messages to reach unintended recipients is present within the WhatsApp messaging service.
Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read some messages due to the way WhatsApp has implemented its end-to-end encryption protocol.
Facebook-owned WhatsApp, which has about one billion users, has not made it widely known that there is an aspect of WhatsApp that results in some messages being re-encrypted and resent automatically, without first giving the sender an opportunity to verify the recipient.
Privacy campaigners said the vulnerability is a “huge threat to freedom of speech” and warned it could be used by government agencies as a backdoor to snoop on users who believe their messages to be secure.
Campaigners have expressed concern about how this aspect of WhatsApp could potentially be exploited to conduct surveillance.
Some security experts say that the vulnerability is a known and acceptable “trade-off” that makes sense for the majority of WhatsApp’s users, since it makes the app easier to use on a day to day basis. They describe the risk to most users as “remote” since the vulnerability only allows the targeting of individuals or groups of individuals at specific times, rather than widespread mass surveillance of WhatsApp users, and urge users not to switch to less secure platforms.
WhatsApp has made privacy and security a primary selling point, and has become a go-to communications tool of activists, dissidents and diplomats.
WhatsApp has made privacy and security a primary selling point, and has become a go to communications tool of activists, dissidents and diplomats.
Its end-to-end encryption relies on the generation of unique security keys using the acclaimed Signal protocol, developed by Open Whisper Systems. Keys are exchanged between users to guarantee communications are secure from interception by middlemen.
WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman.
The way WhatsApp implemented the protocol, new keys are generated when – for example – a user gets a new phone or reinstalls the app. Messages for the user which may have been waiting to be delivered while the user was offline are then re-encrypted and resent by the sender automatically, without the sender having had an opportunity to verify that the recipient is the person intended to receive the message. A sender is notified after the event if the sender has opted to turn on a notification in settings, but not otherwise.
However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
This aspect of WhatsApp, which increases convenience and reliability of message delivery at the cost of some security, is not inherent to the Signal protocol. Open Whisper Systems’ messaging app – also called Signal – works differently.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting of previously undelivered messages effectively allows WhatsApp to intercept and read some users’ messages.
If a recipient’s security key changes while offline, an in-transit message will fail to be delivered and the sender will be notified of the change in security keys without the message having been resent automatically. This approach is known as “blocking”; the WhatsApp approach is called “non-blocking”.
The security loophole was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. He told the Guardian: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”
WhatsApp’s online explanatory material states in part: “At times, the security codes used in end-to-end encryption may change. This is likely because someone reinstalled WhatsApp or switched phones.” It does not appear to detail the automatic resending aspect of in-transit messages.
The vulnerability is not inherent to the Signal protocol. Open Whisper Systems’ messaging app, Signal, the app used and recommended by whistleblower Edward Snowden, does not suffer from the same vulnerability. If a recipient changes the security key while offline, for instance, a sent message will fail to be delivered and the sender will be notified of the change in security keys without automatically resending the message.
This re-encryption and rebroadcasting of previously undelivered messages could potentially allow a third party to intercept and read a user’s undelivered messages in a situation where, for example, they had stolen a user’s sim card. When the third party put the stolen sim card in another phone, they could then theoretically collect any messages that had not yet been delivered to the user in question. (See first endnote.)
WhatsApp’s implementation automatically resends an undelivered message with a new key without warning the user in advance or giving them the ability to prevent it.
Many security experts, however, say that the feature is a known and acceptable trade-off that makes sense for the majority of WhatsApp’s users, since it makes the app easier to use on a day-to-day basis.
Boelter reported the vulnerability to Facebook in April 2016, but was told that Facebook was aware of the issue, that it was “expected behaviour” and wasn’t being actively worked on. The Guardian has verified the loophole still exists.
They describe the risk to most users as remote. In essence the experts say the threat to security is small and unlikely and would be very difficult even for a sophisticated attacker, who would have other ways to target someone. Timing would be hard and available messages few. The trade-off only allows potential targeting of individuals, not mass surveillance.
Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, verified Boelter’s findings. He said: “WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform.”
The group of experts urge WhatsApp users not to switch to less secure platforms. They point out that WhatsApp’s popularity means some users may be safer in this big crowd. If they switched to a service which was more secure but had relatively few users it might mark them out as an activist.
Boelter said: “[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations. This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”
A WhatsApp spokesperson told the Guardian: “Over one billion people use WhatsApp today because it is simple, fast, reliable and secure. At WhatsApp, we’ve always believed that people’s conversations should be secure and private. Last year, we gave all our users a better level of security by making every message, photo, video, file and call end-to-end encrypted by default. As we introduce features like end-to-end encryption, we focus on keeping the product simple and take into consideration how it’s used every day around the world.
The vulnerability calls into question the privacy of messages sent across the service, which is used around the world, including by people living in oppressive regimes.
“In WhatsApp’s implementation of the Signal protocol, we have a ‘Show Security Notifications’ setting (option under Settings > Account > Security) that notifies you when a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.”
Professor Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance and Privacy, called the existence of a vulnerability within WhatsApp’s encryption “a gold mine for security agencies” and “a huge betrayal of user trust”. She added: “It is a huge threat to freedom of speech, for it to be able to look at what you’re saying if it wants to. Consumers will say, I’ve got nothing to hide, but you don’t know what information is looked for and what connections are being made.”
Asked to comment specifically on whether Facebook/WhatApp had accessed users’ messages and whether it had done so at the request of government agencies or other third parties, the company directed the Guardian to its site that details aggregate data on government requests by country.
In the UK, the recently passed Investigatory Powers Act allows the government to intercept bulk data of users held by private companies, without suspicion of criminal activity, similar to the activity of the US National Security Agency uncovered by the Snowden revelations. The government also has the power to force companies to “maintain technical capabilities” that allow data collection through hacking and interception, and requires companies to remove “electronic protection” from data. Intentional or not, WhatsApp’s vulnerability to the end-to-end encryption could be used in such a way to facilitate government interception.
WhatsApp added later: “WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.”
Jim Killock, executive director of Open Rights Group, said: “If companies claim to offer end-to-end encryption, they should come clean if it is found to be compromised ... In the UK, the Investigatory Powers Act means that technical capability notices could be used to compel companies to introduce flaws – which could leave people’s data vulnerable.”
A WhatsApp spokesperson told the Guardian: “Over 1 billion people use WhatsApp today because it is simple, fast, reliable and secure. At WhatsApp, we’ve always believed that people’s conversations should be secure and private. Last year, we gave all our users a better level of security by making every message, photo, video, file and call end-to-end encrypted by default. As we introduce features like end-to-end encryption, we focus on keeping the product simple and take into consideration how it’s used every day around the world.
“In WhatsApp’s implementation of the Signal protocol, we have a “Show Security Notifications” setting (option under Settings > Account > Security) that notifies you when a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.”
Asked to comment specifically on whether Facebook/WhatApps had accessed users’ messages and whether it had done so at the request of government agencies or other third parties, it directed the Guardian to its site that details aggregate data on government requests by country.
WhatsApp later issued another statement saying: “WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.”
Concerns over the privacy of WhatsApp users have been repeatedly highlighted since Facebook acquired the company for $22bn in 2014. In August 2015, Facebook announced a change to the privacy policy governing WhatsApp that allowed the social network to merge data from WhatsApp users and Facebook, including phone numbers and app usage, for advertising and development purposes.
Concerns over the privacy of WhatsApp users have been repeatedly highlighted since Facebook acquired the company for $22bn in 2014. In August 2015, Facebook announced a change to the privacy policy governing WhatsApp that allowed the social network to merge data from WhatsApp users and Facebook, including phone numbers and app usage, for advertising and development purposes.
Facebook halted the use of the shared user data for advertising purposes in November after pressure from the pan-European data protection agency group Article 29 Working Party in October. The European commission then filed charges against Facebook for providing “misleading” information in the run-up to the social network’s acquisition of messaging service WhatsApp, following its data-sharing change.
Facebook halted the use of the shared user data for advertising purposes in November after pressure from the pan-European data protection agency group Article 29 Working Party in October. The European commission then filed charges against Facebook for providing “misleading” information in the run-up to the social network’s acquisition of WhatsApp, following its data-sharing change.
This article was amended on 13 January 2017 to remove the use of the word “backdoor” to describe the vulnerability, following a further statement from WhatsApp. The article was further amended on 25 January 2017 to include the views of a group of security experts who voiced concerns about the story.
• Facebook introduced two-step verification to greatly improve WhatsApp message security in February 2017, after testing it from November 2016.
Should I be worried about the WhatsApp encryption vulnerability?
• This article was amended on 13 January 2017 to remove the word “backdoor” to describe the design feature; on 25 January 2017 to summarise and link to concerns of security experts about the article; and on 28 June 2017 following the findings of a review by the Guardian readers’ editor, which can be read here.
