46

There are currently media reports that the Chinese government are blocking some types of messages sent via WhatsApp ("pictures, voice messages and video").

Given that WhatsApp traffic has end-to-end encryption, what mechanisms is it likely that the Chinese government could be using to do this?

user2428118
  • 2,768
  • 16
  • 23
Rory McCune
  • 60,923
  • 14
  • 136
  • 217
  • Uhm traffic analysis? ;) – SEJPM Jul 19 '17 at 13:11
  • 22
    What kind of messages does it leave through? Text only? In that case they might simply filter out messages which exceed a certain size. Size is the one thing you can't masquerade with encryption (at least not downward). – Philipp Jul 19 '17 at 13:13
  • I can only assume that the ability to filter certain messages becomes possible because that the meta data of type of message is sent in the clear (in some form) and/or the packet is split up differently to allow a differential comparison. OR maybe WhatsApp use different servers/networks for different content? Good question though – ISMSDEV Jul 19 '17 at 13:29
  • 3
    @Philipp, you can hide size to an extent, by having fixed-sized packets, and since you can't tell what packet goes to which message, you can't tell the size of the message. Although I'm pretty sure whatApp doesn't try hard to hide size. – Grant Davis Jul 20 '17 at 03:29

2 Answers2

63

Given that Whatsapp traffic has end-to-end encryption, ...

End-to-end encryption neither implies anonymity nor that the underlying protocol is unrecognizable to an eavesdropper and doesn't reveal any meta information at all.

In fact, obscuring protocols to hide them from firewalls is notoriously difficult and finding out enough to block the traffic can be fairly easy. In the case of WhatsApp, it's also irrelevant that E2EE is used, because WhatsApp adds an extra layer of encryption between client and WhatsApp servers anyway (formerly via TLS, now Noise Pipes). So the fact that users additionally get E2EE via the Signal protocol has limited impact on traffic analysis.

There are some obvious ways to block WhatsApp traffic without having to bother with encryption:

  • Block the servers. WhatsApp publishes the IP pool of their messaging servers. (The IPs used to be listed here and have since been moved to the Facebook Mobile Partner Portal.) But even without a ready-made list of IPs it would be fairly easy to reverse-engineer a list of servers by just using the app and observing the traffic. (That's an entirely common technique - similarly, the Tor network has suffered in the past years from China blocking the majority of their public relays.)

  • Block the protocol. The government could use heuristics to recognize and block the transport protocol. Blocking based on traffic patterns has worked in the past for BitTorrent, Tor and others but might come with a notable overhead. (I can't comment on whether this approach is practical.)

One way to block media files in particular would be by identifying large uploads. It might also come in handy that WhatsApp doesn't send images the same way as ordinary text. Instead, clients encrypt and upload attachments separately and then just send a message containing the key to the upload.

Since the news report states that no files could be sent at all, it's plausible that the government just temporarily blocked the attachment upload servers (which would leave plain messages unaffected).

The process for sending attachments is detailed in the WhatsApp Security Whitepaper:

Transmitting Media and Other Attachments

Large attachments of any type (video, audio, images, or files) are also end-to-end encrypted:

  1. The WhatsApp user sending a message (“sender”) generates an ephemeral 32 byte AES256 key, and an ephemeral 32 byte HMAC- SHA256 key.
  2. The sender encrypts the attachment with the AES256 key in CBC mode with a random IV, then appends a MAC of the ciphertext using HMAC-SHA256.
  3. The sender uploads the encrypted attachment to a blob store.
  4. The sender transmits a normal encrypted message to the recipient that contains the encryption key, the HMAC key, a SHA256 hash of the encrypted blob, and a pointer to the blob in the blob store.
  5. The recipient decrypts the message, retrieves the encrypted blob from the blob store, verifies the SHA256 hash of it, verifies the MAC, and decrypts the plaintext.
Arminius
  • 43,922
  • 13
  • 140
  • 136
  • +1, but also users could side step the server block converting pictures to text and then putting them together at the other end, but they could not get around traffic analysis this way, its hard to hide the meta data of the throughput. – daniel Jul 19 '17 at 21:46
  • [This](https://yro.slashdot.org/story/17/07/18/1638220/chinas-censors-can-now-erase-images-mid-transmission) is the article I saw. The key point in this that confused me is the comment "Sometimes you can get around censors by rotating the photo". It would seem that perhaps the filter is selective, and not simply blocking _all_ images. What are your thoughts on this? I suppose I may have misunderstood the article. – That1Guy Jul 20 '17 at 14:58
  • @That1Guy The "rotation" technique refers to WeChat, not WhatsApp, which I suppose doesn't encrypt at all or at least gives authorities access since it's a China-based company. WhatsApp, however, as I mentioned, end-to-end-encrypts all attachments, so the government can't selectively block certain images here. – Arminius Jul 20 '17 at 15:02
  • Ah, you're right - sorry about that. I feel like a dummy now – That1Guy Jul 20 '17 at 15:04
5

First, WhatsApp messages always pass through WhatsApp servers, so it is easy for the Chine government to identify WhatsApp exchanges. Next I do not know if different types of messages use different servers, but a text message will be much shorter than image or video, and is likely to be sent in one single packet. So it would be enough to abort any exchange to or from a WhatsApp server where the total size is over a certain threshold.

But the linked article declares that the disruptions were not continuous, so it may be possible that China censors are still experimenting with their blocking rules.

user2428118
  • 2,768
  • 16
  • 23
Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84