by jMyles 3447 days ago
It is sad, and misinformative, that this article is currently #1 on HN, while the much more accurate and better-written Guardian piece "WhatsApp backdoor allows snooping on encrypted messages" is #2.

The linked piece is hard to critique because it's borderline incoherent. The "conclusion" is simply not a conclusion, particularly this passage:

> A provider always has the ability to intercept messages as long as the user does not verify fingerprints. With WhatsApp, it is even harder to make sure, no MitM takes or took place. WhatsApp is closed source, so who can tell, if WhatsApp just displays wrong identity keys and lets the user think that everything is perfectly OK ..?

3 comments

It's actually very accurate technically. The Guardian article seems to miss the basic point.

The encryption in WhatsApp and Signal and Apple messaging are all built to protect data from others in transit, not necessarily from the service provider itself.

No system where a central service provider manages both key infrastructure and message delivery can ever be secure from MITM by the service provider unless you do manual key verification through a different channel. Signal does provide the means of doing so by physically meeting a person and verifying, which is good. But are you truly going to be able to explain these concepts beyond techies?

But the actual point here is the retransmission vulnerability. That's what makes WhatsApp different. That's the backdoor.
Look, if WhatsApp wants to read your messages without you detecting, there's nothing you can really do to prevent it apart from not using WhatsApp.

For instance, if you're on some list for message interception, they can give you MITMed keys when you first log in. Or they can insert some subtle signal that tells the app on your specific phone to ignore key changes and avoid showing notification in some way you would struggle to check (closed source and obfuscated code) etc. etc. They could even show you the right key if you attempt verification but use a compromised one for communication. This particular vuln. would be a ridiculously crude way to intercept messages.

To repeat, in any system where key distribution and message distribution are centralized, there is no way to protect against the service provider - and anyone who co-opts the service provider (e.g. with a court order). The objective of the encryption is to protect against other actors snooping on you.

I edited the article because I really missed this point, you are right. I thought WhatsApp is not sending the message which got encrypted with the new key. But still, I would not say this is a backdoor, because the user has a relatively easy way to check the keys. If WhatsApp would like to implement a backdoor, they would have done it in a different way I think.
Apart from the horrifying punctuation, I can't see how the quoted paragraph is technically incorrect. Some kind of real-world validation is required before you can trust that a public key really represents a given entity (at least, that's how I'm interpreting "verify fingerprints") and so it follows that if users don't validate the public keys of their correspondents, they can't know for sure that their conversations haven't been MitM'd.
The paragraph is correct but misses the point.

WhatsApp will re-transmit messages with a key provided by WhatsApp without ever giving the user the option to verify that key. Even with the opt-in, the message will be re-transmitted. All the opt-in ensures is that you are notified of the key change (a notification you receive after the message has already been re-transmitted under the new key).
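
The ordering described in the comment above, as an added toy model that is not part of the thread and is not WhatsApp's code: it contrasts retransmit-then-notify with a hypothetical policy that holds undelivered messages until the user accepts the new key. The class, its fields, the key labels `KEY_A`/`KEY_B` and the blocking policy are assumptions made for illustration; no real cryptography is involved.

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    """Toy model of a sender's client. No real cryptography: keys are labels."""
    recipient_key: str
    block_on_key_change: bool      # hypothetical contrast policy, not from the thread
    notify_on_key_change: bool     # models the opt-in notification setting
    undelivered: list = field(default_factory=list)
    pending_key: str = ""
    log: list = field(default_factory=list)   # ordered (event, detail) trail

    def send(self, text):
        # Message is encrypted to the current key but not yet delivered.
        self.undelivered.append(text)
        self.log.append(("queued", f"{text} -> {self.recipient_key}"))

    def server_announces_key(self, new_key):
        # The server says the recipient now has a different identity key.
        if self.block_on_key_change:
            self.pending_key = new_key
            self.log.append(("blocked", new_key))
            return
        self._retransmit(new_key)
        if self.notify_on_key_change:
            self.log.append(("notified", new_key))

    def user_accepts_key(self):
        # Only meaningful in the blocking policy, after out-of-band verification.
        if self.pending_key:
            self._retransmit(self.pending_key)
            self.pending_key = ""

    def _retransmit(self, key):
        for text in self.undelivered:
            self.log.append(("retransmitted", f"{text} -> {key}"))
        self.undelivered.clear()
        self.recipient_key = key

def run(block, notify):
    """Constructed scenario: one undelivered message, then a key change."""
    client = SenderClient("KEY_A", block, notify)
    client.send("msg1")
    client.server_announces_key("KEY_B")
    return client

if __name__ == "__main__":
    for block, notify in [(False, True), (False, False), (True, True)]:
        print(block, notify, [event for event, _ in run(block, notify).log])
```

With notification enabled the event trail still shows the retransmission before the notification; only the blocking policy leaves the message queued until the user acts.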

I edited this part, you are definitely right.
Shame that we can only upvote articles, not downvote