7

As WhatsApp states: every time a user installs or updates the app, a new key pair would be generated on the user's device. So I assume that the chat history on iCloud which was encrypted by the old public key should not be decrypted and readable.

But, what I found is that: users are still able to recover and read the chat history even though they don't have the old private key (tested by changing to a new device).

So, how is this achieved by WhatsApp? The private key never goes on the network, and was not even stored on the user's device anymore after updating the app or changing to a new device. How does the chat history recovery work then?

S.L. Barth
fans3210
  • 1
    It would be nice to have a proof link before we start tarring and feathering. – Dmitry Grigoryev Mar 31 '17 at 06:15
  • Here is the link to WhatsApp's encryption overview: whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf – fans3210 Mar 31 '17 at 06:47
  • Here is the link to WhatsApp's encryption overview: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf From the doc, I can distinguish that 1. RSA was used, 2. the private key was only stored on the device. And after testing by switching phones, I found that the chat recovery service still works even though I don't have the private key on the new phone. So it should be a new key generated during installation – fans3210 Mar 31 '17 at 07:00

2 Answers

8

WhatsApp includes a feature to explicitly cope with users losing their phones or the phones being broken. That feature is discussed in an article from the Guardian where it is seen as a back door:

WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting of previously undelivered messages effectively allows WhatsApp to intercept and read some users’ messages.

[Whatsapp justifies that to cope when] a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.

That indeed allows you to recover your chat history on your new phone without any access to the old key. But that also means that it is easier to steal WhatsApp exchanges than end-to-end encryption should allow. And it also means that WhatsApp can actually give the full history to legal authorities if they were asked to, simply by simulating a new device...

Serge Ballesta
  • +1. Everybody thinks WhatsApp is some magic black box of unrecoverable communication, but it's wide open for any law enforcement agent with the proper paperwork. – Ivan Aug 01 '17 at 18:28
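
The sender-side behaviour described in the quoted article, modelled as an added example (not WhatsApp's code and not part of the original answer): a client that silently accepts a contact's new identity key and resends undelivered messages, next to one that holds them until the key is verified. `SenderClient`, its fields and the `block_on_key_change` switch are hypothetical names, and the key bytes are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_pub: bytes) -> str:
    """Short display fingerprint of a contact's public identity key."""
    return hashlib.sha256(identity_pub).hexdigest()[:16]

@dataclass
class SenderClient:
    block_on_key_change: bool                   # hypothetical policy switch
    show_security_notifications: bool = False   # opt-in warning setting
    trusted: dict = field(default_factory=dict)      # contact -> fingerprint
    undelivered: dict = field(default_factory=dict)  # contact -> [plaintext]
    log: list = field(default_factory=list)

    def queue(self, contact, text):
        """Message sent but not yet marked as delivered."""
        self.undelivered.setdefault(contact, []).append(text)

    def on_identity_key(self, contact, identity_pub):
        """Server announces the contact's current identity key.
        Returns the messages that get re-encrypted and resent to that key."""
        fp = fingerprint(identity_pub)
        known = self.trusted.get(contact)
        changed = known is not None and known != fp
        if changed and self.block_on_key_change:
            self.log.append(f"HOLD {contact}: key changed {known} -> {fp}")
            return []                    # nothing leaves until verified
        self.trusted[contact] = fp       # first use, or silent acceptance
        resent = self.undelivered.pop(contact, [])
        if changed and self.show_security_notifications:
            # The notice is raised only after the resend has happened.
            self.log.append(f"NOTICE {contact}: security code changed")
        return resent

    def verify_and_release(self, contact, identity_pub):
        """User compared the security code out of band and accepts the key."""
        self.trusted[contact] = fingerprint(identity_pub)
        return self.undelivered.pop(contact, [])

# Constructed placeholder bytes standing in for public identity keys.
OLD_KEY, NEW_KEY = b"\x01" * 32, b"\x02" * 32

def run(client):
    client.on_identity_key("bob", OLD_KEY)   # first contact: trust on first use
    client.queue("bob", "meet at 6")         # Bob is offline, stays undelivered
    return client.on_identity_key("bob", NEW_KEY)
```
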
2

No backup is ever sent to WhatsApp servers. If you activate cloud backup, they are stored on Google Drive or iCloud. They are not encrypted on Google Drive, but are encrypted on iCloud. There are some reports about it.

The message stream is end to end encrypted, so nobody outside the chat can see anything. But the history is not encrypted with the same end-to-end keys.

ThoriumBR
  • "so nobody outside the chat can see anything" -- Wrong. WhatsApp has the ability to comply with subpoenas and warrants, and regularly does. It's only secure enough to hide conversations from your parents -- law enforcement has easy access to your data. – Ivan Aug 01 '17 at 18:27
  • 1
    No, they don't. In Brazil WhatsApp gets blocked from time to time because they don't hand over chat data even when they got subpoenas. On https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf they clearly say "Messages between WhatsApp users are protected with an end-to-end encryption protocol so that third parties and WhatsApp cannot read them and so that the messages can only be decrypted by the recipient. All types of WhatsApp messages (including chats, group chats, images, videos, voice messages and files) and WhatsApp calls are protected by end-to-end encryption." – ThoriumBR Aug 02 '17 at 15:31
  • WhatsApp is a US company with no obligation to do favors for the Brazilian government. If you're an American though, all bets are off. Even without the message contents they will provide connection data, leading to ISP subpoenas for subscriber info, filing of search warrants, seizure of your phone and forensic discovery of such-- helpfully aided by situations such as the one the OP describes. It's not a miraculously "safe" messaging platform. Your conversations are always discoverable. – Ivan Aug 02 '17 at 17:43