WhatsApp? WhatsCryptography? WhatsEncryption? Answer is: I don’t know


And it happens again to WhatsApp, which is further embarrassed by researchers showing that it does not know how to implement encryption correctly. Recently Help-Net Security published an article about a Dutch Computer Science and Mathematics student at Utrecht University (Thijs Alkemade) who has discovered how WhatsApp encrypts and authenticates its messages.

We know that not only does WhatsApp use the same (RC4) encryption key for the messages in both directions, but also the same HMAC key to authenticate messages.

The main problem being:

“But a MAC by itself is not enough to detect all forms of tampering: an attacker could drop specific messages, swap them or even transmit them back to the sender,”

He also points out that there is a simple solution, which is to use TLS. So, in conclusion:

  • All WhatsApp users are still not safe
  • Your messages can be sniffed out
  • Your message can be decrypted
  • Your only protection is to stop using WhatsApp
  • Wait for WhatsApp to learn how Encryption works so they can implement it correctly

I’ll end this post with a quote from Thijs Alkemade:

“solution that has been reviewed, updated and fixed for more than 15 years, like TLS.”
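The two problems described above (one RC4 key for both directions, one HMAC key for both directions) can be reproduced in a few lines. This is an added example, not code from the original post or from WhatsApp; the session key, messages, HMAC-SHA1 tag, 8-byte sequence number and the `derive` labels are all constructed assumptions, and RC4 is kept in the second half only to isolate the effect of key separation.

```python
import hashlib, hmac

def rc4(key, data):  # plain RC4; encrypting and decrypting are the same operation
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for b in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(mac_key, ct, seq=None):  # HMAC-SHA1 over ct, plus seq when one is given
    hdr = b"" if seq is None else seq.to_bytes(8, "big")
    return ct + hmac.new(mac_key, hdr + ct, hashlib.sha1).digest()

def verify(mac_key, frame, seq=None):
    return hmac.compare_digest(seal(mac_key, frame[:-20], seq), frame)

def derive(master, label):  # assumed key separation: one sub-key per direction and use
    return hmac.new(master, label, hashlib.sha256).digest()

MASTER = b"constructed-session-key"  # constructed sample values
P_OUT, P_IN = b"client -> server: hello", b"server -> client: howdy"

def weak():
    """One key for both directions, as the post describes; no sequence number (assumed)."""
    c_out, c_in = rc4(MASTER, P_OUT), rc4(MASTER, P_IN)
    return (xor(c_out, c_in) == xor(P_OUT, P_IN),   # True: keystream cancels out
            verify(MASTER, seal(MASTER, c_out)))    # True: sender accepts own frame

def separated():
    """Per-direction keys plus a sequence number under the MAC."""
    enc_out, enc_in = derive(MASTER, b"c2s enc"), derive(MASTER, b"s2c enc")
    mac_out, mac_in = derive(MASTER, b"c2s mac"), derive(MASTER, b"s2c mac")
    c_out, c_in = rc4(enc_out, P_OUT), rc4(enc_in, P_IN)
    frame = seal(mac_out, c_out, seq=0)
    return (xor(c_out, c_in) == xor(P_OUT, P_IN),  # False: keystreams differ
            verify(mac_in, frame, seq=0),          # False: frame reflected to sender
            verify(mac_out, frame, seq=1),         # False: replayed or reordered
            verify(mac_out, frame, seq=0))         # True: in-order delivery

if __name__ == "__main__":
    print("weak:", weak(), "separated:", separated())
```

Separate keys per direction and a counter under the MAC are among the things TLS does as part of its record layer, which is why the post recommends it over a hand-rolled scheme.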

4 thoughts on “WhatsApp? WhatsCryptography? WhatsEncryption? Answer is: I don’t know”

    ZuZ said:
    October 10, 2013 at 10:48 am

    But, but…. TLS and the likes don’t have known backdoors! (at least that is what we have been told!)

    Imagine the number 1 cross platform internet-based texting service isn’t monitor-able! OH THE HORROR.

    Off with his head!

      aa said:
      October 15, 2013 at 12:10 am

      It could still be monitored and logged at the servers regardless..

    geodma responded:
    October 10, 2013 at 10:53 am

    Backdoors?! brother please, haven’t you heard of PRISM ?

    ZuZ said:
    October 10, 2013 at 11:05 am

    Thou shall not speak of the transparent optical element with flat, polished surfaces that refract light.
