world of internet security, latest cyber security news,information,updates on technology,it job vacancies,internet security,breaches,and safeguards

Tuesday, 17 January 2017

WhatsApp ‘backdoor’ turns out to be known design feature


On Friday, The Guardian newspaper accused Facebook’s WhatsApp messaging app of having a “backdoor” security vulnerability on the basis of a security issue revealed to it by researcher Tobias Boelter of the University of California at Berkeley.

The newspaper has since backed away from the emotive word but the fire had been lit. Was this a fair accusation to throw at WhatsApp?

The report described how the app generates a new key pair for “offline” users, for example when a user loses or changes a phone or phone number and then (after a period of time) reinstalls the app afresh.

In the respected Signal app, whose underlying encryption protocol was adopted by WhatsApp in 2016, messages sent to anyone in this situation are deleted and the sender is informed that something has changed. The message can then be re-encrypted and resent after verification that the recipient is still the same person.

In WhatsApp, by apparent contrast, the sending app is simply asked to re-encrypt and re-send the message, something the sender will only be told about if alerting is turned on, after the fact.

The issue is that WhatsApp’s servers could, hypothetically, force the resend of a message using a new key under its control without the sender being able to stop that – a man-in-the-middle (MitM) compromise of sorts.

The first objection to this is that hiding a malicious key reset indefinitely would be difficult on WhatsApp given the software’s “verify security code” feature that ensures both sides are using the same key and no MitM is taking place.
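The two sender-side behaviours described above, and the security-code comparison that exposes a substituted key, can be modelled in a few lines. This is an added sketch, not code from the article, WhatsApp or Signal: it performs no real encryption, `security_code` is a simplified stand-in for the real security-code derivation, and the class, method and event names are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

def security_code(key_a: bytes, key_b: bytes) -> str:
    # Simplified stand-in for the "verify security code" value: a digest over
    # both identity keys, sorted so each side computes the same string.
    return hashlib.sha256(b"|".join(sorted([key_a, key_b]))).hexdigest()[:12]

@dataclass
class Sender:
    own_key: bytes
    recipient_key: bytes          # identity key currently used for the recipient
    blocking: bool                # True: Signal-style, False: WhatsApp-style
    alerts_enabled: bool = False  # WhatsApp-style notification setting
    pending: list = field(default_factory=list)  # sent but not yet delivered
    events: list = field(default_factory=list)   # what the user is shown

    def send(self, text: str) -> tuple:
        self.pending.append(text)
        return (self.recipient_key, text)  # (key encrypted to, plaintext) placeholder

    def _resend_under(self, new_key: bytes) -> list:
        self.recipient_key = new_key
        resent = [(new_key, text) for text in self.pending]
        self.pending.clear()
        return resent

    def on_key_change(self, new_key: bytes) -> list:
        # The server reports a new recipient key while messages are undelivered.
        if self.blocking:
            self.events.append("key changed: verify before resending")
            return []                      # nothing leaves under the new key
        resent = self._resend_under(new_key)
        if self.alerts_enabled:
            self.events.append("security code changed")  # shown after the resend
        return resent

    def verify_and_resend(self, new_key: bytes, code_from_recipient: str) -> list:
        # code_from_recipient is compared out of band (in person, by phone).
        if security_code(self.own_key, new_key) != code_from_recipient:
            self.events.append("security code mismatch: not resending")
            return []
        return self._resend_under(new_key)
```

In the non-blocking mode with alerts off, `on_key_change` returns the pending messages addressed to whatever key the server supplied and `events` stays empty; in the blocking mode the messages stay in `pending` until `verify_and_resend` is given a code that matches the key on offer.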

This also looks more like a design trade-off than a backdoor. As a mass-market product, WhatsApp was designed to make itself as transparent as possible and not to bother users with possibly confusing alerts about key pair changes.

The developer who co-authored the Signal protocol used by WhatsApp, Open Whisper Systems’ Moxie Marlinspike, said the backdoor claim was a misnomer: “Under no circumstances is it reasonable to call this a ‘backdoor,’ as key changes are immediately detected by the sender and can be verified.”

“It is great that the Guardian thinks privacy is something their readers should be concerned about. However, running a story like this without taking the time to carefully evaluate claims of a ‘backdoor’ will ultimately only hurt their readers.”

For something to be a true “backdoor”, it must simultaneously satisfy two criteria beyond simply compromising security or privacy. First, it must have been put there deliberately, for either benign or villainous reasons. Second, it must be undocumented, which is to say only the people who put it there know about it.

The minute a backdoor becomes public knowledge, it stops being one and becomes just another security flaw that needs to be fixed if that product wants to hang on to its users.

On that basis, it is inaccurate to describe the WhatsApp issue as a “backdoor” when it is really a known design compromise, and also one that people should be aware of.
