About the alleged WhatsApp backdoor

Published
February 01, 2017
Type
Suggested Reading

Introduction

WhatsApp is a popular messaging application owned by Facebook with a large user base. In the first half of 2016, WhatsApp introduced end-to-end encryption by default, using the Signal Protocol by Open Whisper Systems (the same protocol used by the application Signal) for protecting the content of user communications in transit.

Back in April 2016, Tobias Boelter, a computer scientist, published a blog post regarding a WhatsApp retransmission vulnerability. In his post, Boelter described how WhatsApp manages key changes and why WhatsApp's approach might be dangerous for its users' privacy. In January 2017, an article from the Guardian reported on the researcher's findings, calling this vulnerability a "backdoor". This article caused a lot of arguments on the topic and polarized the public. This note aims to provide some background information on WhatsApp, briefly describe the way WhatsApp manages key changes and indicate where the issue lies, reference the opposing opinions, and describe how the issue can be overcome.

WhatsApp background

In its end-to-end encryption scheme, WhatsApp employs hybrid encryption: public key cryptography to establish an encrypted session (thus it uses public and private keys) and symmetric encryption for securely exchanging messages. A user can initiate a secure session for exchanging messages with another user by utilising the recipient's public key. The whole encryption/decryption process is automated and transparent to end-users. To confirm that an unauthorised party has not initiated a man-in-the-middle attack, communicating parties are assigned a security code, which is meant to be verified between the parties through a different communication channel (e.g. physical verification) prior to communication.

The WhatsApp retransmission issue

In the case where Bob sends a message to Alice and Alice is offline, the message is not delivered until Alice goes back online. If in the meantime Alice re-installs the application or changes device and then registers to the WhatsApp application again, she will be assigned a new pair of keys and she will receive the message that Bob had sent her earlier. The issue is that, although Alice's keys have changed, WhatsApp automatically re-transmits the message that Bob sent and automatically encrypts it with Alice's new key before it delivers it to her. This happens without the users having re-verified their security codes and, unless Bob has manually enabled the option "Show security notifications", without a warning to Bob that Alice's key has changed prior to the message delivery. According to the researcher, this issue can be exploited by an attacker, a government or WhatsApp itself by forcing the generation of a new pair of keys that they control for an offline user, and thereby automatically receiving all in-transit/undelivered messages that were intended for that particular recipient.

What did the press say?

Boelter had initially reported the issue to Facebook. Facebook responded that it was aware of the situation but did not consider it a vulnerability, let alone a backdoor, but rather a design decision. WhatsApp's co-founder supported WhatsApp through Reddit, stating that WhatsApp does not give governments a backdoor to its systems but instead would fight any request to create a backdoor.

After the Guardian's claim of a backdoor in WhatsApp, Moxie Marlinspike, the founder of Open Whisper Systems, published a blog post stating that there is no WhatsApp backdoor. Marlinspike criticised the Guardian for its reporting, for making bold statements without thoroughly verifying them first, and for not asking Open Whisper Systems, the creator of the encryption protocol behind WhatsApp, to comment first.

Several security researchers share the same view and expressed their disapproval of the Guardian's statement through an open letter to the Guardian, requesting the retraction of the article. EFF characterised the decision to call the issue a "backdoor" as inaccurate to the point of irresponsibility.

Following Marlinspike's post, Boelter insisted on the severity of the issue through a new blog post. Later on, Boelter tried to distance himself from the Guardian's choice of the term "backdoor", but insisted that WhatsApp needs to further justify its key management decisions to the users.

An article titled "A look at how private messengers handle key changes" describes how private messengers handle key changes and sheds light on how WhatsApp's design decision works and how other popular messengers (Signal, Telegram, Wire, Allo) approach the same issue.

What can be done about it?

In order to resolve this issue, WhatsApp would have to adopt a blocking approach: instead of automatically retransmitting messages and encrypting them with the recipient's new key, it would notify the sender (by default) that the recipient's key has changed and refrain from automatically re-sending the message. In that way, a user would be able to first re-verify the identity of the other communicating party before further exchanging messages.

Given that this is a design decision over key management, WhatsApp has already weighed the issue based on the desired usability and necessary security. Thus, it is up to the users to evaluate the risk, based on their profile and threat model, and make their own decisions regarding the severity of the issue. People who need a more privacy-oriented design decision from their messenger regarding key management should evaluate other options in order to find something that better suits their needs and delivers the security and privacy levels they seek.

WhatsApp users are advised to enable the option "Show security notifications" from the security settings of the application. They should be aware, though, that when the option "Show security notifications" is enabled and the recipient's key has changed, they receive a security notification after the sent message is delivered to the recipient. Users should always verify the identity of their correspondent through a different communication channel prior to first communication, and re-verify that identity whenever they are notified that the receiver's keys have changed.
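
The difference between the automatic retransmission described under "The WhatsApp retransmission issue" (including a security notification that arrives only after delivery) and the blocking approach described above can be modelled from the sender's side. This is an added illustration, not WhatsApp or Signal code; the Sender class, the Policy enum, the fingerprint helper and the sample keys are all hypothetical.

```python
# Toy model of sender-side key-change handling (added example, hypothetical names).
import hashlib
from dataclasses import dataclass, field
from enum import Enum

class Policy(Enum):
    NON_BLOCKING = "retransmit, then notify if enabled"
    BLOCKING = "hold until sender re-verifies"

def fingerprint(identity_key: bytes) -> str:
    # Stand-in for a security code: a short digest of the identity key.
    return hashlib.sha256(identity_key).hexdigest()[:12]

@dataclass
class Sender:
    policy: Policy
    show_security_notifications: bool = False
    verified: dict = field(default_factory=dict)  # contact -> verified fingerprint
    pending: dict = field(default_factory=dict)   # contact -> undelivered plaintexts
    events: list = field(default_factory=list)    # ordered record of what happened

    def verify(self, contact: str, identity_key: bytes) -> None:
        # Models a successful out-of-band comparison of security codes.
        self.verified[contact] = fingerprint(identity_key)

    def send(self, contact: str, text: str) -> None:
        # Recipient is offline, so the message waits for delivery.
        self.pending.setdefault(contact, []).append(text)

    def on_recipient_online(self, contact: str, identity_key: bytes) -> list:
        """Return the messages released for encryption to identity_key."""
        changed = self.verified.get(contact) != fingerprint(identity_key)
        if changed and self.policy is Policy.BLOCKING:
            self.events.append(("key_changed_warning", contact))
            return []  # nothing leaves until verify() is called again
        released = self.pending.pop(contact, [])
        self.events.extend(("delivered", m) for m in released)
        if changed and self.show_security_notifications:
            self.events.append(("key_changed_notice", contact))  # after delivery
        return released

def demo(policy: Policy, notify: bool = False):
    s = Sender(policy, notify)
    s.verify("alice", b"alice-key-1")   # constructed sample keys
    s.send("alice", "meet at 9")
    first = s.on_recipient_online("alice", b"alice-key-2")   # key changed offline
    s.verify("alice", b"alice-key-2")   # sender re-verifies out of band
    second = s.on_recipient_online("alice", b"alice-key-2")
    return first, second, s.events
```

The order of entries in `events` is the point: under the non-blocking policy the delivery is recorded before any notice, while under the blocking policy the warning comes first and delivery happens only after re-verification.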

Conclusion

Security researchers agree that calling the WhatsApp issue a "backdoor" is inaccurate and can damage users' trust. If people distrust WhatsApp due to misinformation, they might turn to less secure choices, which might affect their privacy in a much more impactful way.

It is important for the press, researchers and, more generally, people who disclose bugs, vulnerabilities etc. to be objective in their reports, focus on the evidence and not overplay an issue, creating false hype and buzz around it. It is equally important for researchers to follow responsible and coordinated vulnerability disclosure procedures when reporting an issue and aim for a resolution by consensus with the respective entity. It is crucial for users to receive objective information on serious issues such as security and privacy so that they can critically make their own decisions and protect themselves accordingly.

About "Suggested Reading" from ENISA

With the "Suggested Reading" series, ENISA aims to give the interested reader guidance on controversial and inscrutable NIS-related discussions carried out in the media, by suggesting selected pre-reviewed articles that in our view explain the issue at hand and related circumstances in a reasonable and understandable manner. This view is derived from past experiences and common sense; in no way should "Suggested Reading" be understood as a recommended course of action in a specific incident or investigation, or as a final conclusion. Feel free to get in touch with ENISA to discuss or request more information about the "Suggested Reading" series (cert-relations@enisa.europa.eu).
