News has emerged that the popular messaging app Whatsapp is vulnerable to a man-in-the-middle attack (MitM). Whatsapp messenger is used by people all over the world because it has end-to-end encryption to make it secure. However, we now know that those messages are, under some circumstances, vulnerable to interception, despite the encryption.
The reason? Whatsapp has an encryption implementation weakness that, at certain times, forces new authorization keys on users. This gives Whatsapp (which is owned by Mark Zuckerberg’s Facebook) the ability to access the contents of messages.
Tobias Boelter found the unwanted capability (he describes it as a vulnerability). Boelter is a security researcher and cryptography expert at the University of California, Berkeley. The findings fly in the face of Facebook’s claims that nobody can penetrate Whatsapp’s end to end encryption. So, what exactly is the problem?
Man in the Middle
When someone gets a new contract, loses their phone, or simply reinstalls Whatsapp, the firm must assign a new key. This applies to both the sender and recipient of any messages, including sent messages that remain unread. Once that process is complete, users can check a security code on-screen to make sure they match. If they do, then users can be assured that a MitM attack isn’t intercepting their messages.
According to Boelter, however, between the time that the key is generated and sent to the first user, Whatsapp, Facebook or a third party working with them (such as the government), could intercept messages before handing over the key to the recipient. During this time, the person who sent the messages would be unaware of the problem. This is because Whatsapp would appear to be the proper recipient of the message, until the time that it assigns the key to the recipient.
A True Vulnerability?
Whatsapp has based its encryption on the highly regarded Signal protocol created by Open Whisper. That protocol generates unique security keys and shares them between two parties to verify that received messages are secure. According to Open Whisper, descriptions in the media of a purposefully written backdoor in Whatsapp are unwarranted.
Open Whisper’s founder Moxie Marlinspike says that, due to Whatsapp’s massive user base, its decision to implement the assignment of new keys (without the need for intrusion) is functional and does not really interfere with security. According to Marlinspike, it is true that Facebook, Whatsapp (or a third party) could take a peek at messages. However, Marlinspike feels that it is highly unlikely that this is actually taking place. His reason for this opinion? Whatsapp has a feature that allows users to turn on encryption change notifications. If this feature is enabled, Whatsapp informs the sender of the message of the key change.
The Whatsapp server does not explicitly know who has that feature switched on. Thus Open Whisper believes that trying to exploit the key change vulnerability would be highly risky, because of potential detection. In that case, however, the question becomes: how does Marlinspike know that Facebook’s system doesn’t know who has notifications on? I asked him this question directly. I got a response that told me, “there is no backdoor in WhatsApp’s encryption.” However, he wouldn’t say more and later directed me to his rebuttal of the Guardian article.
Disagreement About the ‘Ease of Use Feature’
The discoverer of the flaw certainly doesn’t see eye to eye with Marlinspike. In his blog post on the subject, Boelter says the following:
“I don’t know about you, but the door of my apartment has a lock and I need a key to open it. Sometimes the inevitable happens and I forget my key inside my apartment and I only realize this after closing the door. Then I need to call and pay someone to come, check my ID, and open the door. This is very inconvenient. It would be much more convenient if the door stayed unlocked day and night. But am I willing to trade the worse security for the convenience? No! Just like in the case of automatic WhatsApp message re-encryption.”
Boelter says that he first informed Facebook about the Whatsapp’s vulnerability in April 2016. He feels that the firm’s decision to leave it in (as a so-called “feature)” is conspicuous, if not completely lapse. Either way, it is clear that the cryptography expert doesn’t feel as confident as Marlinspike about the privacy of Whatsapp messages. In fact, Boelter feels absolutely certain that Marlinspike is wrong. He goes as far as saying:
“Not only messages, but also voice calls and file transfers can be intercepted with this vulnerability. Moxie, I do respect all the work you’ve done to promote widespread encryption. But regarding this topic you’re wrong.”
Facebook Messenger Too?
While not yet reported, the vulnerability to a MitM attack also likely applies to Facebook too. Allow me to explain. Last July, Facebook rolled out encryption for Facebook messages. Facebook peddles that feature as a way to send secure messages, at times when privacy is essential.
On closer inspection, however, Facebook’s “Secret Conversation” feature is also based on Open Whisper’s Signal. Facebook’s secret conversation does have an extra feature that allows users to specify a countdown time until Facebook automatically deletes the message, which is good. However, is the Whatsapp vulnerability also present in Facebook’s encryption platform? As yet, this is unverified but because Facebook owns Whatsapp and they both use Signal, suspicion is natural.
Turn on Verify Keys
If you are a Whatsapp user, the best course of action is to turn on the Verify Keys notification. That way you will be informed when a new key is assigned. However, even with this setting on, Boelter is unconvinced of Whatsapp’s privacy:
“So there is this setting in WhatsApp “Show security features”. It basically tells WhatsApp “Hey, I’m especially concerned about my privacy. I know what I am doing. Please give me the best privacy possible”. But even with this setting enabled, WhatsApp will automatically re-encrypt and retransmit messages, leaving the sender vulnerable.”
Without verifying the source code, we can’t tell if Facebook knows who has the notification feature switched on. As such, the vast majority of Whatsapp’s one billion users (who use the messenger with default settings) could easily be falling victim to an institutionalized MitM vulnerability that Marlinspike is simply unaware of.
Take It on the Chin
Boelter feels that Facebook should patch up the problem and release the source code. This is sadly unlikely to happen, which likely means that we can’t trust the platform. Talking directly to Facebook, Boelter says:
“So here is my recommendation to you, Facebook: Say that this was intended as a feature, but acknowledge that you have made the wrong security trade-off. You can keep your face and fix the vulnerability. To restore trust into your messaging platform you should release the source code of the clients. Your business asset is not the source code of the messenger app, it is your massive user-base. The source code of your highly scalable server infrastructure is a true business asset but that part you don’t have to disclose.”
Privacy Campaigners Unimpressed
What has infuriated privacy campaigners is that the backdoor would also imbue Facebook with the ability to help governments to break into messages, should the need arise. Everyone will remember the San Bernardino case from last year. The FBI was desperate for Apple to break the encryption on an iPhone. This is a frequent request from intelligence agencies, but everyone thought it was impossible using the encryption on Whatsapp.
The fear now, however, is that governments (and even hackers who get hold of the encryption keys) could, in fact, penetrate the contents of those messages. This is considered a massive breach of trust and a “huge threat to freedom of speech,” according to Professor Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance, and Privacy.
Whatsapp has over a billion users. With that in mind, if Facebook did share encryption keys (because of a warrant for instance), the NSA or any other intelligence agency would have access to a staggering amount of content. The Berkeley expert has made it clear that Facebook could ‘shore up’ this vulnerability if it wanted to. So ask yourself: why is Facebook leaving the hole open to listen while you whisper?