【】

Neither WhatsApp nor The Guardianare having a good day.
The UK-based newspaper published a scathing exclusive report early Friday morning, purporting to reveal disturbing news about the encryption used by WhatsApp's, the Facebook-owned messaging service. Almost as soon as the article went live, however, security experts took to the internet to publicly question the nature of its claims.
Late in the day Friday, Open Whisper Systems, the team behind the end-to-end encryption service used by WhatsApp and secure messaging client Signal, published a blog post in response to the article. The post refuted The Guardian's claims at length, expressing the team's disappointment with the way in which the news was reported.
SEE ALSO:Older smartphones get locked out of WhatsAppAccording to The Guardian's article, WhatsApp has a glaring security flaw in the manner its end-to-end encryption is set up, which creates a wide-open backdoor which "allows snooping" by Facebook — and, by extension, government agencies or others who might gain access to it by legitimate or nefarious means.
The Guardianstory reports that WhatsApp's encryption is vulnerable when a user sends a message to a contact who is offline. When that happens, the end-to-end encryption is, in a sense, broken, since one of the ends no longer exists. In that case, the service creates a new set of encryption keys for the offline user so the message can they can still get it when they come back online. (For a primer on encryption, check out this helpful video or view it at the bottom of this post.)
However, WhatsApp doesn't alert either the sender or the recipient about of the change, and the messages are caught in a kind of limbo in the meantime, the security of which is unclear -- at least until the recipient comes back online. According to the Guardian, this "effectively allows WhatsApp to intercept and read users’ messages."
By comparison, Signal doesn't automatically resend offline messages like WhatsApp does, theoretically making those messages more secure.
Information security experts were turned off by the article. Complaining on Twitter, they were critical ofThe Guardian's reporting. Frederic Jacobs, who actually worked on Signal with Open Whisper Systems, the service's developer, even added his voice to the discussion:
It's ridiculous that this is presented as a backdoor. If you don't verify keys, authenticity of keys is not guaranteed. Well known fact.
— Frederic Jacobs (@FredericJacobs) January 13, 2017
The 'whistleblower'
The Guardianreport cited UC Berkely PhD student Tobias Boelter as having discovered the backdoor and claimed to have an "exclusive" on his findings. But that's not quite true.
As reported, Boelter notified Facebook of the vulnerability back in April 2016. The company then called the issue "expected behavior," confirming the existence of the issue and admitting it to be a feature of the service instead of a "backdoor," telling him "...for now it's not something we're actively working on changing."
In addition to contacting Facebook, Boelter detailed his findings on the vulnerability in a blog post. It wasn't published on an outlet like The Guardian— but Boelter's reports on the subject have been online for the better part of a year.
When contacted by Mashablevia email, Boelter clarified his role in the report. "I gave a 5-minute lightning talk at 33c3 in Hamburg on December 30, 2016 and was contacted by a reporter working for the Guardian afterwards," he said.
Following the article's publication, Boelter posted on the topic once again, discussing the nature of the issue and admitting the different interpretation of what it represents to end users.
WhatsApp's response
After reaching out to a WhatsApp spokesperson for comment, Mashablereceived this response:
The Guardianposted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. This claim is false [emphasis theirs].
WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardianstory prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.
Later in the day, co-founder of WhatsApp Brian Acton posted a direct response on Reddit, again calling the story "false" and emphatically stating, "WhatsApp would fight any government request to create a backdoor."
In WhatsApp's white paper describing the service, it explicitly states, "WhatsApp servers do not have access to the private keys of WhatsApp users, and WhatsApp users have the option to verify keys in order to ensure the integrity of their communication."
Whether or not this so-called "backdoor" is an issue or a feature depends on your interpretation. In any case, it's probably the best thing to happen to Signal lately.
Featured Video For You
The best way to understand encryption is through this tale of love and mystery
TopicsCybersecurityWhatsApp
相关文章
Hiddleswift finally followed each other on Instagram after 3 excruciating days
On Aug. 13, 1961, Germany began construction of the Berlin Wall, perhaps the greatest symbol of the2025-04-26- 田鑫:其實有很多機會遺憾錯過 爭取下場表現更好_比賽www.ty42.com 日期:2021-10-23 18:31:00| 評論(已有308673條評論)2025-04-26
- 曼城前瞻 :麵對布萊頓誌在複仇 丁丁衝擊三連擊_比賽www.ty42.com 日期:2021-10-23 13:01:00| 評論(已有308607條評論)2025-04-26
- 24日賠率:國家德比巴薩主場不敗 雙紅會平局收場_方麵www.ty42.com 日期:2021-10-24 14:01:00| 評論(已有308828條評論)2025-04-26
Give your kitchen sponge a rest on this adorable bed
Our kitchen sponges do a lot of work. Don't they deserve a good night's rest?"Sure," said design stu2025-04-26- 連勝中日令沙特FIFA積分飆升 國足1勝1負維持原位_中國隊www.ty42.com 日期:2021-10-22 19:31:00| 評論(已有308526條評論)2025-04-26
最新评论