by righthand 59 days ago
> They didn't actually crack WhatsApp traffic. Someone in the group probably just reported it.

So you don’t know any of this? You have no proof someone in the group reported it. You have no proof they weren’t using a backdoor they found with or without Meta knowing this…

You’re just here to defend Meta then?

2 comments

The poster is right, it's very unlikely that WA has been backdoored/cracked, and it seems obvious why.

A backdoor to the world's largest messaging app would be extremely valuable: while it can exist, it's unlikely that it'd be so widely available the UAE police can use it for such insignificant cases. And because of its value, no one with access to it (the US, the UAE, Meta) would want it to become public knowledge through such an insignificant case, because everyone they really want to spy on would switch to Signal in a second.

It’s weird that the notification backdoor never gets talked about, but your WhatsApp messages are decrypted in plain sight when the text content is shipped through the notification services. This is mentioned always for Signal but WhatsApp always gets a pass even though it’s a way more malicious company and indeed probably using that hole to profile/track its users.

The only response is “oh no WhatsApp can’t leak anything the security model of how chat messages are backed up is a-okay!”

WhatsApp bothers me incessantly about backing up my messages, and from a quick search online it seems like these backups are not E2E encrypted unless you go into settings and explicitly make them so, which I doubt most people do. And if they are encrypted, I would have a lot of questions about how secure those keys are and where they're stored and if they're using password managers from other tech companies, which of those companies have had NSLs requiring them to backdoor said password managers.

Signal got called out for it because it actually happened to a user with the police. Of course it affects all apps. It's also local, so irrelevant to the discussion of networked/encryption hacks someone alleged above.

My point is that we simply don’t know what the police mean by “broke encryption”. It could be they are able to MitM the notifications server, not that they’ve broken the WhatsApp double ratchet.

It’s just Occam’s razor chip out

Way easier for one of a group of humans to report than for a conspiracy hack