After presenting our work at Real World Crypto 2018 [1] and seeing the enormous press coverage, we want to get two things straight: 1. Most of the described weaknesses are only exploitable by a malicious server or by someone who knows a large secret number, so the protocols are still very secure (which is what we wrote in the paper, but some newspapers did not adopt it), and 2. we see ways to enhance the WhatsApp protocol without breaking its features.
We are of course very happy that our research reached so many people. Even though IT security and cryptography are often hard to understand for outsiders, Andy Greenberg [2], Patrick Beuth [3] and other journalists [4,5,6,7,8] wrote articles that were understandable on the one hand and very accurate and precise on the other. In contrast to this, we also saw some inaccurate articles [9,10] that fanned fear and greatly diverged in their description from what we wrote in our paper. We expected this from the tabloid press in Germany and therefore asked them to stick to the facts when they contacted us. But none of the authors of the two worst articles [9,10] contacted us in advance. Since our aim was never to blame any application or protocol but rather to encourage the developers to enhance the protocols, it contradicts our aim that WhatsApp and Signal are partially declared attackable by "anyone" "easily" [9,10].
Against this background, we understand Moxie's vexation about certain headlines that were on the Internet in the last few days [11]. However, we believe that those who understand the weaknesses comprehend that only the malicious server can detectably make use of them (in WhatsApp) or that the secret group ID needs to be obtained from a member (in Signal). As such, we want to make clear that our paper does not primarily focus on the description of weaknesses but presents a new approach for analyzing and evaluating the security of group instant messaging protocols. Further, we propose measures to enhance the analyzed protocols. The description of the protocols' weaknesses is only one part of the evaluation of our analysis approach and thereby of the investigation of real-world protocols. This is the scientific contribution of our paper. The practical contribution of the analyzed messengers, which is the communication confidentiality for billion users (in most cases), is great and should be noted. Therefore we believe that being Signal, WhatsApp, or Threema, applying encryption to all messages and consequently risking research with negative results, is much better than being a messenger that does not encrypt group messages end-to-end at all. We do not want to blame messengers that are far less secure (read Moxie's post [11] if you are interested).
Finally, we want to note that applying security measures according to the ticket approach (as we call it in the paper [12]) to the invitation links would solve the issues that Facebook's security head mentioned in his reply [13] to our findings. To our knowledge, adding authenticity to group update messages would not affect invitation links: if no invitation link was generated for a group, group members should only accept joining users if they were added by an authentic group update message. As soon as a group invitation link was generated, all joining users would need to be accepted as new group members with the current design. However, there are plenty of ways in which WhatsApp could use invitation links without endowing the server with the power to manage groups without the group admins' permission:
One approach would be to generate the invitation links secretly and share them without the knowledge of the server. An invitation link could then contain a secret ticket for the group and the ID of the group. As soon as a user who received the link wants to join the group, she can query the server with the group ID to obtain the list of all current group members. The secret ticket can then be sent, encrypted, to all existing group members so that they can verify that the join is legitimate.
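The join flow described above, as an added sketch that is neither WhatsApp's code nor the construction from the paper: every name (`Member`, `join_via_link`, the `invite:` link layout) is hypothetical, and `seal`/`unseal` are a stand-in for the pairwise end-to-end sessions a messenger already has, whose keys are assumed to exist.

```python
import hashlib, hmac, secrets

def _keys(k):  # derive separate encryption and MAC keys from one pairwise key
    return [hmac.new(k, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor(data, ek, nonce):
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(ek + nonce).digest(len(data))))

def seal(k, msg):
    # Stand-in for the messenger's existing pairwise end-to-end session.
    ek, mk = _keys(k)
    nonce = secrets.token_bytes(16)
    ct = _xor(msg, ek, nonce)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(k, blob):
    ek, mk = _keys(k)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        return None  # tampered, or not sealed under this pairwise key
    return _xor(ct, ek, nonce)

class Member:
    def __init__(self, name, ticket):
        self.name, self.ticket, self.roster = name, ticket, set()

    def handle_join(self, joiner, pair_key, blob):
        # Accept a joiner only if the sealed ticket matches the group's ticket.
        got = unseal(pair_key, blob)
        ok = got is not None and hmac.compare_digest(got, self.ticket)
        if ok:
            self.roster.add(joiner)
        return ok

def join_via_link(link, joiner, server_directory, pair_keys):
    # The link (group ID + ticket) was shared without the server's knowledge.
    _, group_id, ticket_hex = link.split(":")
    results, relayed = {}, {}
    for m in server_directory[group_id]:       # server only answers "who is in the group"
        blob = seal(pair_keys[m.name], bytes.fromhex(ticket_hex))
        relayed[m.name] = blob                 # all the relaying server gets to see
        results[m.name] = m.handle_join(joiner, pair_keys[m.name], blob)
    return results, relayed

def demo():
    gid, ticket = "group-42", secrets.token_bytes(32)   # constructed sample values
    members = [Member(n, ticket) for n in ("alice", "bob")]
    keys = {m.name: secrets.token_bytes(32) for m in members}  # joiner's pairwise keys
    link = f"invite:{gid}:{ticket.hex()}"
    results, relayed = join_via_link(link, "carol", {gid: members}, keys)
    # A join pushed by the server alone carries no valid sealed ticket.
    forged = members[0].handle_join("mallory", keys["alice"], b"no-ticket")
    return results, relayed, ticket, forged, members
```

The server still supplies the member list and relays the messages, but membership changes only when a member sees the ticket, so a join announced by the server alone is rejected.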
Of course this would require engineering, but WhatsApp's capability to ship drastic protocol updates can be assumed, since they applied end-to-end encryption in the first place.
[1] https://www.youtube.com/watch?v=i5i38WlHfds
[2] https://www.wired.com/story/whatsapp-security-flaws-encryption-group-chats/
[3] http://www.spiegel.de/netzwelt/apps/whatsapp-gruppenchats-schwachstelle-im-verschluesselungs-protokoll-a-1187338.html
[4] http://www.sueddeutsche.de/digital/it-sicherheit-wie-fremde-sich-in-whatsapp-gruppenchats-einladen-koennen-1.3821656
[5] https://techcrunch.com/2018/01/10/security-researchers-flag-invite-bug-in-whatsapp-group-chats/
[6] http://www.telegraph.co.uk/technology/2018/01/10/whatsapp-bug-raises-questions-group-message-privacy/
[7] http://www.handelsblatt.com/technik/it-internet/verschluesselung-umgangen-forscher-finden-sicherheitsluecke-bei-whatsapp/20836518.html
[8] https://www.heise.de/security/meldung/WhatsApp-und-Signal-Forscher-beschreiben-Schwaechen-verschluesselter-Gruppenchats-3942046.html
[9] https://www.theinquirer.net/inquirer/news/3024215/whatsapp-bug-lets-anyone-easily-infiltrate-private-group-chats
[10] http://www.dailymail.co.uk/sciencetech/article-5257713/WhatsApp-security-flaw-lets-spy-private-chats.html
[11] https://news.ycombinator.com/item?id=16117487
[12] https://eprint.iacr.org/2017/713.pdf
[13] https://twitter.com/alexstamos/status/951169036947107840
Further articles:
- Matthew Green's blog post: https://blog.cryptographyengineering.com/2018/01/10/attack-of-the-week-group-messaging-in-whatsapp-and-signal/
- Schneier on Security: https://www.schneier.com/blog/archives/2018/01/whatsapp_vulner.html
- Bild: http://www.bild.de/digital/smartphone-und-tablet/whatsapp/whatsapp-sicherheitsluecke-in-gruppenchats-54452080.bild.html
- Sun: https://www.thesun.co.uk/tech/5316110/new-whatsapp-bug-how-to-stay-safe/