How Whatsapp spies on Your Messages – WhatsApp Retransmission Vulnerability

According to Tobias Boelter tobias@boelter.it

Download the Slides from Tobias here: Whatsapp Slides from Tobias Boelter

Setting: Three phones. Phone A is Alice’s phone. Phone B is Bob’s phone. Phone C is the attacker’s phone.

Alice starts by communication with bob and being a good human of course meets with Bob in person and they verify each other’s identities, i.e. that the key exchange was not compromised.

Remember, Alice encrypts her messages with the public key she has received from Bob. But this key is sent through the WhatsApp servers so she can not know for sure that it is actually Bob’s key. That’s why they use a secure channel (the physical channel) to verify this.

Now, Alice sends a message to Bob. And then another message. But this time this message does not get delivered. For example because Bob is offline, or the WhatsApp server just does not forward the message.

wa3

Now the attacker comes in. He registers Bob’s phone number with the WhatsApp server (by attacking the way to vulnerable GSM network, putting WhatsApp under pressure or by being WhatsApp itself).

Alice’s WhatsApp client will now automatically, without Alices‘ interaction, re-encrypt the second message with the attackers key and send it to the attacker, who receives it:

wa2

Only after the act, a warning is displayed to Alice (and also only if she explicitly chose to see warnings in here settings).

wa1

Conclusion

Proprietary closed-source crypto software is the wrong path. After all this – potentially mallicious code – handles all our decrypted messages. Next time the FBI will not ask Apple but WhatsApp to ship a version of their code that will send all decrypted messages directly to the FBI.

Signal is better

Signal is doing it right. Alice’s second message („Offline message“) was never sent to the attacker.

signal3 signal1 signal2

Signal is also open source and experimenting with reproducible builds. Have a look at it.

Update (May 31, 2016)

Facebook responded to my white-hat report

„[…] We were previously aware of the issue and might change it in the future, but for now it’s not something we’re actively working on changing.[…]“

https://tobi.rocks/2016/04/whats-app-retransmission-vulnerability/

Download the Presentation here: Whatsapp Slides from Tobias Boelter

Advertisements

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden / Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s