We can debate end-to-end encryption until the end of days, but it is not a universal panacea
WhatsApp has come under fire lately. It turns out its vaunted end-to-end-encrypted messages, “may be vulnerable to third-party snooping after all.” Or, they may not. Depends on whom you ask.
WhatsApp, which has become widely used for private and sensitive communication around the world (though anecdotally, not a whole lot of American folks seem to be using it), uses unique security keys generated using Open Whisper Systems’ rock-solid Signal protocol that uses encryption keys to guarantee communications are secure and cannot be intercepted by a middleman. But within WhatsApp’s implementation of this protocol there’s a … flaw:
The Guardian writes:
A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service….WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting of previously undelivered messages effectively allows WhatsApp to intercept and read some users’ messages.
The jury is out
When independent security researcher Tobias Boelter reported this in April 2016, WhatsApp said this was normal. Indeed, WhatsApp replied to the Guardian article in a letter to TechCrunch, which read: “The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. This claim is false.”
WhatsApp continued that message by stating clearly that it did not allow government backdoors and would fight any governmental attempts to gain backdoors in the future. Rather than representing a vulnerability, the “design decision” prevents messages from being lost, the company said.
Moxie Marlinspike of Open Whisper Systems — the company that designed the Signal protocol and worked with WhatsApp to implement it — wrote a blog post, dated Jan. 17, denouncing the Guardian report. “There are many quotes in the article, but it seems that the Guardian put very little effort into verifying the original technical claims they’ve made,” he wrote. “Even though we are the creators of the encryption protocol supposedly ‘backdoored’ by WhatsApp, we were not asked for comment. Instead, most of the quotes in the story are from policy and advocacy organizations who seem to have been asked ‘WhatsApp put a backdoor in their encryption, do you think that’s bad?'”
He points out that some rogue WhatsApp admin could try to man-in-the-middle conversations, but that users who take the trouble to verify keys can catch them out. He concludes, “We believe that WhatsApp remains a great choice for users concerned with the privacy of their message content.”
A blog run by a self-described Austrian security pro, posted on the same day, notes: “This is how a man-in-the-middle attack works and it only works when both parties — which are communicating with each other — do not verify the fingerprints of the exchanged keys.” But the blogger notes: “It seems that the WhatsApp still sends the message even when the keys have changed. At the time of writing there seems to be no way of opting this out…”
This could go to appeal
So, as always, more than one opinion seems to exist about whether WhatsApp’s “backdoor” is, in fact, a backdoor.
But whether or not this is a vulnerability, there’s a larger point here. It’s important not see end-to-end encryption as a magic security bullet. Even a service with end-to-end encrypted messaging, using highly secure algorithms, may be vulnerable.
This is because encryption is only one part of the security equation. It may protect against man-in-the-middle intercepts, but users can, and often do, leave themselves open to attack in other ways.
Personal customer and employee records, sensitive enterprise-critical data, the precise movements of senior executives and other targets for criminals, overseas-powers, and non-aligned, freelance actors – all of these nuggets of information, and infinitely more, are being routinely communicated globally, on a second-by-second basis.
Today’s enterprises have too much at stake. There’s technical security, and then there’s human error, inattention, and complacency. All the encryption in the world won’t save sloppy businesses from a date with Madame Guillotine.