by aylons 3447 days ago
While people discuss a possible state actor strong-arming WhatsApp and the semantics of "backdoor", the "design feature" of not showing key changes is making real victims, at least in Brazil:

The attacker first tries to duplicate the mobile phone number of the first victim, probably by social-engineering their phone company. This part may look difficult, but it is not hard once you realize you do not need to target anyone special - everyone uses WhatsApp, so any number gives a high probability of success.

After getting the first victim's number, the attacker installs WhatsApp, which gladly verifies the user via SMS - WA has no login and no password, so anyone receiving the SMS can impersonate anyone else.

As WhatsApp does not send any alert of a key change by default, the attacker is free to impersonate the person - in this case, he simply asks for some borrowed money to be transferred to a bank account, to be paid back soon. The recipient has no reason to distrust the message - it is being sent by his friend in the same chat window they always talked in; even the logs are there. There is no message to warn about the potential issue, by design!

This is no hypothesis - this has actually been happening for some time now. [1] This design feature surely has some loyal users.

[1] http://www.correiobraziliense.com.br/app/noticia/cidades/201...

6 comments

Unfortunately, if WhatsApp did defend against this, it would be such a big hassle that users would disable it. How many people do you know who wouldn't just click "accept" on "this user's keys changed", or wouldn't just ask the attacker "hey, did you get a new phone?" "yes" "oh, okay"?

People love to blame WhatsApp, but what can anyone realistically do?

It does not need to be a modal form - a notification message, embedded in the chat log, just before a "Hey, could you send me some money", could make some people think twice before transferring:

"Wow, he is asking me in excess of USD500 just after WhatsApp warned me his cell phone has changed. Weird".

The simple alert shown in Moxie's own blog post [1], perhaps less cryptically written, would probably do the job.

Heck, if this had happened between me and my girlfriend last week, I would most probably have fallen for it, as I did not know this was disabled in WhatsApp. Now, at least, I have turned the notification on.

[1] https://whispersystems.org/blog/images/whatsapp-keychange.pn...

For the overwhelming majority of people, it would just lead to alert fatigue, where users start ignoring the alerts because 99% of the time they're not actually indicative of a problem.

As much as I agree that alert fatigue is a problem, this shouldn't trigger it.

[citation needed]

I wrote shouldn't instead of won't.

That said, my reasoning went along the lines of:

Where I live, at least, people rarely switch phone numbers, and I have yet to hear about a single person I know or have worked with who has had their phone number hijacked.

So, let's say that other people are less lucky than me and this warning will pop up twice a year - will that be enough to trigger warning fatigue?

IMO, probably not.

Will we still have a problem with warning fatigue? Yes. Why? Because of the sticker and warning requirements created by American lawsuits and EU cookie law. (Oh, and IIRC my country isn't much better in this regard, just smaller so less of a problem.)

While not a citation, I hope this explains my reasoning.

No, this is why I disagree with Moxie: the right UI design wouldn't have to create fatigue. It could just block by default, and then allow you to change the default with an appropriate warning.

At least that way, everyone will become aware at least once and make their choice.
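
The two designs argued over in this thread, the inline notice in the chat log proposed above and the block-by-default with an acknowledgement proposed here, both sit on top of the same client-side mechanism: pin each contact's identity key the first time it is seen, and react when a later message arrives under a different key. The Python below is an added illustration of that mechanism and of the three policies the thread compares (stay silent, warn inline, block until accepted); it is not WhatsApp's or Signal's code. The key bytes, the phone number, the `safety_number` format and all class and function names are constructed for the example.

```python
"""Trust-on-first-use identity-key pinning with a configurable key-change policy.
Constructed example; not any messenger's real code."""
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Policy(Enum):
    SILENT = "silent"  # no alert at all: the default the top post complains about
    WARN = "warn"      # inline notice in the chat log, as the earlier comment proposes
    BLOCK = "block"    # hold messages until the user acknowledges, as proposed above


def safety_number(identity_key: bytes) -> str:
    """Human-comparable fingerprint of an identity key.
    Constructed format (first 20 hex chars of SHA-256 in groups of 5), not any app's real one."""
    digest = hashlib.sha256(identity_key).hexdigest().upper()[:20]
    return " ".join(digest[i:i + 5] for i in range(0, 20, 5))


@dataclass
class Contact:
    number: str
    pinned_key: Optional[bytes] = None    # key trusted on first use
    pending_key: Optional[bytes] = None   # new key awaiting acknowledgement (BLOCK only)
    chat_log: List[str] = field(default_factory=list)


class KeyStore:
    """Per-contact identity-key pinning; hypothetical class, not a real library API."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.contacts: Dict[str, Contact] = {}
        self.events: List[Tuple[str, str]] = []  # (number, event) audit trail

    def _contact(self, number: str) -> Contact:
        return self.contacts.setdefault(number, Contact(number))

    def receive(self, number: str, identity_key: bytes, text: str) -> bool:
        """Handle a message sent under identity_key. Returns True if it reached the chat log."""
        c = self._contact(number)
        if c.pinned_key is None:
            c.pinned_key = identity_key            # TOFU: the first key seen is trusted
            self.events.append((number, "pinned"))
        elif identity_key != c.pinned_key:
            # A changed key means a re-registered device: a new phone, or a number takeover.
            if identity_key != c.pending_key:
                self.events.append((number, "key_changed"))
            if self.policy is Policy.BLOCK:
                c.pending_key = identity_key
                c.chat_log.append(
                    f"[blocked] message from {number} held: security code changed to "
                    f"{safety_number(identity_key)}. Confirm out of band, then accept."
                )
                return False
            if self.policy is Policy.WARN:
                c.chat_log.append(
                    f"[notice] {number}'s security code changed to {safety_number(identity_key)}. "
                    "Verify before acting on any request."
                )
            c.pinned_key = identity_key            # SILENT and WARN re-pin automatically
        c.chat_log.append(f"{number}: {text}")
        return True

    def accept_new_key(self, number: str) -> bool:
        """User acknowledged a BLOCK hold (ideally after confirming by phone call)."""
        c = self._contact(number)
        if c.pending_key is None:
            return False
        c.pinned_key, c.pending_key = c.pending_key, None
        self.events.append((number, "accepted"))
        return True


def replay_scenario(policy: Policy) -> Tuple[bool, List[str]]:
    """Replay the thread's scenario under one policy: the friend chats normally, then a
    fresh key registered for the same number asks for money.
    Returns (money_request_reached_chat_log, chat_log)."""
    friend_key = b"\x01" * 32        # constructed key bytes, not a real key
    new_device_key = b"\x02" * 32    # constructed: key from a newly registered device
    number = "+55 61 90000-0000"     # constructed placeholder number
    store = KeyStore(policy)
    store.receive(number, friend_key, "lunch tomorrow?")
    delivered = store.receive(number, new_device_key, "can you transfer me some money? I'll pay you back soon")
    return delivered, store.contacts[number].chat_log


if __name__ == "__main__":
    for policy in Policy:
        delivered, log = replay_scenario(policy)
        print(f"--- {policy.value}: request delivered={delivered}")
        print("\n".join(log))
```

Under `SILENT` the money request lands in the chat log looking exactly like every earlier message, which is the situation the top post describes; under `WARN` the request is preceded by a notice carrying the new fingerprint; under `BLOCK` nothing from the new key is shown until `accept_new_key` is called, so the one-time choice the comment above describes is made before the request is ever seen.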

Everyone (talking about non-technical users here) won't understand why they can't message a particular person any more and will blame WhatsApp: "It's broken again". Block by default would kill growth and they don't want that.

It also absolutely would create fatigue; I don't know why WhitneyLand thinks it wouldn't.

Because you only have to block once, explain the consequences, and then allow them to unblock by default.

At which point 99% of people would immediately unblock by default and the supposed security would be lost.
>How many people do you know that wouldn't just click "accept" on "this user's keys changed"

Literally everyone not tech savvy; this is what happens on Signal.

Whatsapp does have the option to add a password to your account: http://www.androidpolice.com/2016/11/10/whatsapp-enables-two...
>As Whatsapp does not send any alert of key change by default

I don't think that's the case. AFAIK WhatsApp does warn people about key changes with this warning message by default: https://cldup.com/QdUQmjJoF9.png

In fact, working with software, at least once a month someone will ask me "Hey, what is this 'Security code has changed' message that pops up every so often about? Do I need to worry about it?"

Apparently, this is not default behavior anymore. Must be set in Account -> Security.

This has nothing to do with WhatsApp and its use of encryption but is caused by its choice of username and validation method.

The attacker needs to know the phone number and be able to read SMS messages from the phone number. Even very weak methods like the typical security questions would make this much more difficult.

People transfer money based on WhatsApp messages from acquaintances, without at least a phone call confirmation?

Seriously, even for good friends and family, I'd expect a phone call when asked for money, not a message. It's basically a matter of respect.

People really rely on WhatsApp here. Phone calls are becoming rare.

Also, the message implies that it is not really a loan, just paying someone else, and the money will be transferred soon enough.

> WA has no login, no password, so anyone receiving the SMS can impersonate anyone

That sounds like a fatal flaw. Could not any GNU Radio user dump these by the thousands?

I don't believe it could be done by the thousands, it would be way more targeted:

You'd need to be next to the actual phone number's user when you request it, and the victim would receive the SMS. Also, the victim would be shut out of WhatsApp (it allows only one client to be active), which would probably trigger some reaction.

Sounds like a nice hack, nevertheless.

Is it true? It'd be trivial to require the activator to be the same device that requested the SMS.