64

Today I woke up and checked my Whatsapp and got the message that communications are encrypted end-to-end from now on.

However, how can I know whether Whatsapp can be trusted?

I did not generate my private/public keys, nor can I change them. Isn't this always a security flaw?

Could it be that the private keys were intercepted as they were being sent to users?

Could it be that Whatsapp kept the private keys, just in case the FBI gets really mad about not being able to access some account and demand cooperation?

Nathan
Quora Feans
  • 64
    How could you know whether Whatsapp could be trusted before? – M'vy Apr 06 '16 at 12:27
  • 6
    The private keys are supposedly generated on the user end and only the public keys are sent out to WhatsApp. And FYI: E2E encryption won't stop the FBI as they can just try to pull off what failed with Apple with WhatsApp (i.e. a malicious targeted software update). – SEJPM Apr 06 '16 at 12:30
  • 3
    Plus they have law that forces messaging service to keep records and hand them over on court order IIRC. – M'vy Apr 06 '16 at 12:31
  • 3
    @M'vy, but this is merely cipher text if WhatsApp isn't lying... – SEJPM Apr 06 '16 at 12:37
  • And if they are not keeping the keys. – M'vy Apr 06 '16 at 12:42
  • 13
    This is Facebook that we're talking about. Would they really respect user privacy? – Lucien Apr 06 '16 at 22:25
  • 1
    Just implement RSA encoding yourself and encode your messages using the public key of the receiver and vice versa. – Count Iblis Apr 07 '16 at 00:36
  • 1
    @M'vy Did anyone say they trusted WhatsApp even before? – Marcel Apr 07 '16 at 09:45
  • 3
    @Marcel no. This is just a remark that, if you used the service before without even encrypting, then why would you stop because the encryption protocol might be broken? Unless you feel like starting a new discussion where you care about encryption, in which case you should not trust them. – M'vy Apr 07 '16 at 09:54
  • 1
    @M'vy The answer to that is fairly obvious. If you didn't trust them before but can trust them now, then you can use it to transmit more sensitive communications that you wouldn't have done before. If you still can't trust them, then you would use it in the same way as before. So the question is very relevant. – Jon Bentley Apr 08 '16 at 06:42
  • My understanding was that WhatsApp did end-to-end encryption already for quite some time? (I recall that it was humorously remarked on [32c3](https://events.ccc.de/congress/2015/wiki/Main_Page) that WhatsApp was officially more secure than [DE-Mail](https://en.wikipedia.org/wiki/De-Mail)) – Hagen von Eitzen Apr 08 '16 at 09:33
  • @HagenvonEitzen They only used e2e encryption on Android-to-Android communication before the last update. They only added encryption on their iOS, Blackberry, Windows, etc. clients this week. – toni Apr 08 '16 at 10:25
  • I haven't seen anyone mention the fact that you can confirm the public key of a contact using QR codes to make sure there isn't a man in the middle attack going on. edit: see here: https://www.whatsapp.com/faq/en/general/28030015 – Mike Weller Apr 22 '16 at 13:56

2 Answers

55

"I did not generate my private/public keys"

You didn't, but your device did.

"nor can I change them"

I wouldn't be surprised if they add that ability in future (as it'd just be a case of being allowed to authenticate with your existing key and then request that it be replaced: providing only a new public key at that point)

"Could it be that the private keys were intercepted as they were being sent to users?"

The keys are generated client-side, or so they say...

"Could it be that Whatsapp kept the private keys, just in case the FBI gets really mad about not being able to access some account and demand cooperation?"

We'll see....

Their paper gives a decent description of what's going on and includes a link to the (open source) protocol library that they use.

However, as with any system, you ultimately have to trust that they're on your side and not the bad guy's (whoever that may be) because if they control the code and the updates to it, then they still have the power to release modifications targeting specific users etc if required... However, much like the Apple vs FBI case, it's really not in the tech companies' best interest to be seen to give in to such demands.

NVZ
Nathan
  • "if they control the code and updates to it, then they still have the power to release modifications targeting specific users" technically this wouldn't be a problem if password key derivation was used (which is much better than storing the key on device alone). – PyRulez Apr 06 '16 at 16:37
  • 20
    @PyRulez It would still be a problem. A silent update that patches LoginActivity.java and adds 2 lines of code to take your password from the input field and send it to WhatsApp servers. Another way is to patch the message decryption logic and append code that sends the message to WhatsApp servers. Even another way to do it is to duplicate the message then encrypt the other copy with WhatsApp-provided key. The possibilities are endless. In the end, no matter what technologies and cryptomagic they use, you have to decide whether you trust WhatsApp or not. Personally, I still use WhatsApp. – Adi Apr 06 '16 at 16:43
  • @Adi yes, but it would add an extra layer (the F.B.I. couldn't come after the fact and get your data unless they get you to tell them the password). Really, you really have no way to be sure of the safety of closed source apps anyways. – PyRulez Apr 06 '16 at 16:47
  • 2
    It's great that they're using the Signal library (it has a good pedigree) but WhatsApp has traditionally been so insecure, I find it hard to believe they're using it in a secure manner. – Basic Apr 06 '16 at 16:55
  • This is a library link from the paper https://github.com/whispersystems/libsignal-protocol-java/ – Tibor Blenessy Apr 07 '16 at 09:37
  • Wouldn't it also be almost trivial for the FBI to recover the secret key if they have possession of the phone, as in the San Bernardino case? AFAIK, the only thing keeping the FBI out of that iPhone was the hardware security. – TimH - Codidact Apr 07 '16 at 17:14
  • 4
    @timh indeed - the clue is in the name... If you have access to an end of the "end to end", then that's a very different scenario... https://xkcd.com/538/ – Nathan Apr 07 '16 at 19:41
  • I am really confused, why isn't the answer "yes you can know whether whatsapp is actually doing what it is claiming to do by monitoring the traffic of whatsapp on your network", is there a short answer for that? – bubakazouba Apr 07 '16 at 23:23
  • @bubakazouba You mean the traffic which is encrypted? Twice. If it was as simple as just watching traffic, life would be great for anyone else who wanted to see your chats... Kind of the whole point of encryption. No, having access to the endpoint application is where you need to start and with no source code, that's less easy. – Nathan Apr 08 '16 at 05:29
  • @Nathan But I mean, if you have physical access to both devices and you can monitor the whole network doesn't that make it easier? – bubakazouba Apr 08 '16 at 05:33
  • Slightly, but remember you'd still be missing access to the server. Not easy, that's for sure. – Nathan Apr 08 '16 at 06:42
14

It is correct that you did not generate the keys, WhatsApp did. So you have to trust WhatsApp on this, and on not keeping any copy of the private key. At most you can verify that you are exchanging messages with whom you think you are by comparing the 'fingerprints' of the keys (again trusting WhatsApp on this as they tell you this information).

In short, you have to trust WhatsApp to follow the security protocol for each step as described here. WhatsApp source code is not available, therefore, if you use it, you must be aware that you are trusting WhatsApp on everything you do, whether the communication channel is said to be encrypted end-to-end or not.

Guille
  • If you're going to 'trust' WhatsApp, why would they have to bother in doing so much at the first place? Why not simply ask the people to 'trust' them and then take the risk of trusting them? – Muhammad bin Yusrat Oct 20 '16 at 09:05
  • There is a difference in saying "WhatsApp won't read your chats" and saying "WhatsApp cannot read your chats"; obviously second statement is what WhatsApp is making. – Muhammad bin Yusrat Oct 20 '16 at 09:06
  • @MuhammadbinYusrat There is no way to verify either of your two claims until WhatsApp opens up its source code. Your second statement obviously implies the first but the question is mostly about verifying the protocols in place (and how and where the keys are generated and stored). – Guille Nov 03 '16 at 14:41
  • I haven't made any claims. – Muhammad bin Yusrat Nov 03 '16 at 14:52
  • @MuhammadbinYusrat You did so when you implied knowledge of what WhatsApp may or may not be doing; unless you cite the sources, these statements are your own. And as said, neither of them, without proof on your side (or reference), can be accepted. – Guille Nov 07 '16 at 14:37
  • I didn't imply any knowledge about what whatsapp may or may not be doing. Please read details on WhatsApp's page. It's very easy to read. Very straightforward. https://www.whatsapp.com/faq/en/general/28030015 – Muhammad bin Yusrat Nov 08 '16 at 10:54
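
The fingerprint comparison mentioned in the second answer and in the QR-code comment, as an added example that is not part of the original thread and not WhatsApp's code: each phone derives a code from its own public key and the key it was given for the peer, so a key swapped in transit makes the two codes disagree. The derivation, the iteration count, the phone numbers and the stand-in keys are assumptions constructed for illustration, and the check is only as trustworthy as the app that displays the code.

```python
import hashlib

ITERATIONS = 5200  # assumed work factor, chosen for this illustration


def fingerprint(identity_key: bytes, user_id: str) -> str:
    """30 decimal digits derived from one party's public identity key."""
    digest = identity_key + user_id.encode()
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_key).digest()
    # Six 5-byte chunks, each reduced to five decimal digits.
    chunks = (digest[i:i + 5] for i in range(0, 30, 5))
    return "".join(f"{int.from_bytes(c, 'big') % 100000:05d}" for c in chunks)


def security_code(my_key, my_id, their_key, their_id) -> str:
    """60-digit code; sorting the halves makes it identical on both phones."""
    return "".join(sorted([fingerprint(my_key, my_id),
                           fingerprint(their_key, their_id)]))


def stand_in_key(label: str) -> bytes:
    """Constructed 32-byte stand-in for a public key (not a real key pair)."""
    return hashlib.sha256(label.encode()).digest()


ALICE, BOB = "+15550100", "+15550101"            # constructed identifiers
ALICE_KEY, BOB_KEY = stand_in_key("alice"), stand_in_key("bob")
RELAY_KEY = stand_in_key("relay")                # key substituted in transit


def honest_exchange():
    """Each phone receives the other's real public key."""
    return (security_code(ALICE_KEY, ALICE, BOB_KEY, BOB),
            security_code(BOB_KEY, BOB, ALICE_KEY, ALICE))


def substituted_exchange():
    """Each phone receives RELAY_KEY in place of the peer's key."""
    return (security_code(ALICE_KEY, ALICE, RELAY_KEY, BOB),
            security_code(BOB_KEY, BOB, RELAY_KEY, ALICE))


if __name__ == "__main__":
    for name, (a, b) in (("honest", honest_exchange()),
                         ("substituted", substituted_exchange())):
        print(f"{name:12} alice={a[:10]}... bob={b[:10]}... match={a == b}")
```

The comparison has to happen over a channel the relay does not control (in person, or by scanning the QR code), otherwise the displayed values could be altered along with the keys.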