by pfg 3440 days ago
WhatsApp has the ability to change the identity key associated with a user. That's the key they give anyone who wishes to send a message to that user. This is necessary in case the device is lost, wiped or replaced. Changing the identity key triggers a notification for other parties in a conversation if they have enabled that option. However, WhatsApp also automatically re-encrypts any messages that have not been marked as delivered using the new identity key. An attacker that could force WhatsApp to change the identity key to one under their control could then read those re-encrypted messages, but not any messages that were already marked as delivered (or any future messages, assuming the notification causes the chat parties to re-verify the keys out of band before continuing their conversation).
1 comment

> to one under their control

I wasn't able to find proof of an attacker's ability to provide a pregenerated key; can you please provide a link and/or a quote? I also wasn't able to find a description of WhatsApp's key-changing procedure, and intuitively it would be more than strange not to require the new identity key to be signed with the previous one.

The key is generated on the device. WhatsApp acts as a kind of key server (if we want to compare it to GPG) where a sender can look up the public (identity) key of the recipient, which is then used to encrypt the message for the recipient. I'm simplifying a bit here, but the details are not important in this context.

The scenario is that someone changes the public key associated with the recipient on WhatsApp's server, which then causes the re-transmission "vulnerability" I described. This could be done either because the government forces them to, or because the server is compromised.

> it would be more than strange not to require new identity key be signed with previous one.

This would not work in practice. Phones can be lost, stolen and/or broken. There would be no way to sign the new key with the old one in any of these scenarios, since the key is only stored on the (lost) device. Forcing the users to back up the keys is not practical either for an app that wants to be an easy replacement for SMS, and depending on how users store those keys, might be less secure.

So the main problem is that the only way to make something secure is to introduce authentication factors, e.g. a passphrase or biometrics.
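The key-server model pfg sketches in the reply above, and the re-encryption of undelivered messages described in the top post, can be replayed end to end in a small simulation. This is an added example written for this page, not WhatsApp's code and not the Signal protocol it actually runs; the toy Diffie-Hellman group, the HMAC-based stream cipher, and the names `seal`, `unseal`, `SenderClient` and `run_scenario` are all assumptions made so the block runs on the Python standard library alone. The key server is a plain dict that anyone who controls the server (or can coerce its operator) can overwrite. The constructed messages are "meet at 9" (delivered) and "bring the documents" (still queued when the key changes).

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (p = 2^127 - 1, g = 3): assumed here so the block runs
# on the standard library alone.  NOT secure; stands in for a real identity key.
P = (1 << 127) - 1
G = 3


def keygen():
    """(private, public) pair; the public value is the published identity key."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (toy construction).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(recipient_pub, plaintext):
    """Encrypt to the identity key the sender believes is the recipient's;
    only the holder of the matching private value can open the result."""
    eph_priv, eph_pub = keygen()
    key = hashlib.sha256(pow(recipient_pub, eph_priv, P).to_bytes(16, "big")).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return eph_pub, nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(priv, envelope):
    eph_pub, nonce, ct, tag = envelope
    key = hashlib.sha256(pow(eph_pub, priv, P).to_bytes(16, "big")).digest()
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not encrypted to this key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class SenderClient:
    """server is a dict user -> identity key; a coerced or compromised server can
    overwrite any entry.  strict=False silently re-encrypts undelivered messages
    to a changed key, as the post describes; strict=True holds them instead."""
    def __init__(self, server, strict):
        self.server, self.strict = server, strict
        self.pinned = {}         # contact -> key seen on first use (trust on first use)
        self.pending = {}        # contact -> plaintexts not yet marked delivered
        self.key_changes = set() # contacts whose server key differs from the pinned one

    def _resolve_key(self, contact):
        pub = self.server[contact]
        if self.pinned.setdefault(contact, pub) == pub:
            return pub
        self.key_changes.add(contact)          # the "key changed" notification
        if self.strict:
            return None                        # refuse the new key until verified
        self.pinned[contact] = pub             # accept it and carry on
        return pub

    def queue(self, contact, plaintext):
        self.pending.setdefault(contact, []).append(plaintext)

    def flush(self, contact):
        """Encrypt every pending message under the resolved key; [] while held."""
        pub = self._resolve_key(contact)
        return [] if pub is None else [seal(pub, m) for m in self.pending.get(contact, [])]

    def mark_delivered(self, contact):
        self.pending.pop(contact, None)


def run_scenario(strict):
    """Replay the post's scenario and report what the attacker could read."""
    bob_priv, bob_pub = keygen()
    server = {"bob": bob_pub}                    # the key-server directory
    alice = SenderClient(server, strict)
    alice.queue("bob", b"meet at 9")             # delivered under Bob's real key
    delivered = alice.flush("bob")
    assert unseal(bob_priv, delivered[0]) == b"meet at 9"
    alice.mark_delivered("bob")
    alice.queue("bob", b"bring the documents")   # Bob offline, so it stays pending
    first_attempt = alice.flush("bob")
    mal_priv, mal_pub = keygen()                 # attacker's key replaces Bob's entry
    server["bob"] = mal_pub
    retransmitted = alice.flush("bob")           # re-encryption of the pending message
    attacker_read = []
    for env in delivered + first_attempt + retransmitted:
        try:
            attacker_read.append(unseal(mal_priv, env))
        except ValueError:
            pass                                 # not encrypted to the attacker's key
    return {"attacker_read": attacker_read,
            "notified": "bob" in alice.key_changes,
            "held": retransmitted == []}
```

Running `run_scenario(strict=False)` reproduces the top post exactly: the attacker reads the one undelivered message, nothing that was already delivered, and the client still records a key change for "bob". With `strict=True` the notification fires but `flush` returns nothing, so the queued message waits for an out-of-band comparison of keys before the client will re-pin and retransmit; that user-driven re-pin step is the authentication factor the reply ends on, and it is the only thing that distinguishes a lost phone from a swapped server entry, because the server itself looks identical in both cases.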