They didn't actually crack WhatsApp traffic. Someone in the group probably just reported it.
WhatsApp's insecurities are that Meta has access to a full network graph of all users' contacts, and that it wants to upload an unencrypted backup to Google or Apple by default. If there was an actual backdoor in the closed-source crypto, I highly doubt they'd give Dubai police access to it.
WhatsApp put a (weirdly tame and unremarkable?) image a friend of mine tried to post into review and ended up never letting it show up in a thread, the other day. He was able to post a screenshot of it sitting in his view of the thread, and the message about why it was temporarily delayed (it never showed up, though).
This was in a chat of close friends, not one of those weird huge spammy groups of strangers or something. Nobody was using the report button on him, lol.
We’re all in the US. WhatsApp has some level of awareness of the images you’re sharing, apparently.
I’ll preface this with agreeing that you’re probably correct.
That said, it wouldn’t surprise me at all if Meta built an intentional backdoor, and that someone else (or many someone else’s) found it and was utilizing it.
> They didn't actually crack WhatsApp traffic. Someone in the group probably just reported it.
So you don’t know any of this? You have no proof someone in the group reported it. You have no proof they weren’t using a backdoor they found with or without Meta knowing this…
The poster is right, it's very unlikely that WA has been backdoored/cracked, and it seems obvious why.
A backdoor to the world's largest messaging app would be extremely valuable: while it can exist, it's unlikely that it'd be so widely available the UAE police can use it for such insignificant cases. And because of its value, no one with access to it (the US, the UAE, Meta) would want it to become public knowledge through such an insignificant case, because everyone they really want to spy on would switch to Signal in a second.
It’s weird that the notification backdoor never gets talked about, but your Whatsapp messages are decrypted in plain sight when the text content is shipped through the notification services. This is mentioned always for Signal but Whatsapp always gets a pass even though it’s a way more malicious company and indeed probably using that hole to profile/track it’s users.
The only response is “oh no Whatsapp cant leak anything the security model of how chat messages are backed up is a-okay!”
WhatsApp bothers me incessantly about backing up my messages, and from a quick search online it seems like these backups are not E2E encrypted unless you go into settings and explicitly make them so, which I doubt most people do. And if they are encrypted, I would have a lot of questions about how secure those keys are and where they're stored and if they're using password managers from other tech companies, which of those companies have had NSLs requiring them to backdoor said password managers
Signal got called out for it because it actually happened to a user with the police. Of course it affects all apps. It's also local, so irrelevant to the discussion of networked/encryption hacks someone alleged above.
My point is that we simply don’t know what the police mean by “broke encryption”. It could be they are able Mitm the notifications server not that they’ve broken the whatsapp double ratchet.
WhatsApp's insecurities are that Meta has access to a full network graph of all users' contacts, and that it wants to upload an unencrypted backup to Google or Apple by default. If there was an actual backdoor in the closed-source crypto, I highly doubt they'd give Dubai police access to it.