WhatsApp's secure messages aren't so secure after all

Discussion in 'mobile device security' started by ronjor, Jan 13, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    111,112
    Location:
    Texas
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,900
    Don't use, and will never use it. So, no problem, for me.
     
  3. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    485
    Anyone looking for an alternative I can recommend signal private messanger.
     
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,024
    Location:
    Italy
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    111,112
    Location:
    Texas
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    111,112
    Location:
    Texas
    There is no WhatsApp 'backdoor'
     
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Plausible user-convenience trade-off or plausible deniability? Is it even possible to distinguish one from the other?

    If/when there is a legitimate security vs convenience decision to be made, should a developer silently default to "convenience" and require users to locate and opt-in to "security"?
     
  9. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,024
    Location:
    Italy
    Account/Security - Enable show security notifications.

    This option is disabled by default.
     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  11. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Heads up:

    http://arstechnica.com/security/201...e-umbrage-at-report-its-crypto-is-backdoored/ (posted above)
    https://www.theguardian.com/technology/2017/jan/14/whatsapp-vulnerability-secure-messaging-apps (new)
    The HN discussion about WhatsApp contains constructive criticism that might serve as a reference.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
  13. M3gatron

    M3gatron Registered Member

    Joined:
    Oct 3, 2016
    Posts:
    41
    Location:
    ::1
  14. 93036

    93036 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    108
    Last edited: Jan 24, 2017
  15. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I think you'd need a scoring system in order to rate the safety/security of WhatsApp and similar tools. With bullet points for each of the specific technical requirements that one would want such an application to meet. Which would include whether any messages can be MITM'd, whether users can be alerted to recipient key changes, whether users can be alerted before the new key is used (so they have a chance to verify or abort), whether there is a third-party server in the middle that can collect contact info and/or metadata about messages sent/received, whether the app can be used in a way that protects messages from platform leaks (cloud backups, sync, etc), and so forth.
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
    https://www.forbes.com/sites/thomasbrewster/2017/05/08/whatsapp-enhances-icloud-encryption
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.