Thursday, August 27, 2020

Group Instant Messaging: Why Blaming Developers Is Not Fair But Enhancing The Protocols Would Be Appropriate

After presenting our work at Real World Crypto 2018 [1] and seeing the enormous press coverage, we want to get two things straight: 1. Most described weaknesses are only exploitable by the malicious server or by knowing a large secret number and thereby the protocols are still very secure (what we wrote in the paper but some newspapers did not adopt) and 2. we see ways to enhance the WhatsApp protocol without breaking its features.


We are of course very happy that our research reached so many people and even though IT security and cryptography are often hard to understand for outsiders, Andy Greenberg [2], Patrick Beuth [3] and other journalists [4,5,6,7,8] wrote articles that were understandable on the one hand and very accurate and precise on the other hand. In contrast to this, we also saw some inaccurate articles [9,10] that fanned fear and greatly diverged in their description from what we wrote in our paper. We expected this from the boulevard press in Germany and therefore asked them to stick to the facts when they were contacting us. But none of the worst two articles' [9,10] authors contacted us in advance. Since our aim was never to blame any application or protocol but rather we wanted to encourage the developers to enhance the protocols, it contradicts our aim that WhatsApp and Signal are partially declared attackable by "anyone" "easily" [9,10].

Against this background, we understand Moxie's vexation about certain headlines that were on the Internet in the last days [11]. However, we believe that the ones who understand the weaknesses, comprehend that only the malicious server can detectably make use of them (in WhatsApp) or the secret group ID needs to be obtained from a member (in Signal). As such, we want to make clear that our paper does not primarily focus on the description of weaknesses but presents a new approach for analyzing and evaluating the security of group instant messaging protocols. Further we propose measures to enhance the analyzed protocols. The description of the protocols' weaknesses is only one part of the evaluation of our analysis approach and thereby of the investigation of real world protocols. This is the scientific contribution of our paper. The practical contribution of the analyzed messengers, which is the communication confidentiality for billion users (in most cases), is great and should be noted. Therefore we believe that being Signal, WhatsApp, or Threema by applying encryption to all messages and consequently risking research with negative results is much better than being a messenger that does not encrypt group messages end-to-end at all. We do not want to blame messengers that are far less secure (read Moxie's post [11] if you are interested).

Finally we want note that applying security measures according to the ticket approach (as we call it in the paper [12]) to the invitation links would solve the issues that Facebook's security head mentioned in his reply [13] on our findings. To our knowledge, adding authenticity to group update messages would not affect invitation links: If no invitation link was generated for a group, group members should only accept joining users if they were added by an authentic group update message. As soon as a group invitation link was generated, all joining users would need to be accepted as new group members with the current design. However there are plenty ways how WhatsApp could use invitation links without endowing the server with the power to manage groups without the group admins' permission:
One approach would be generating the invitation links secretly and sharing them without the knowledge of the server. An invitation link could then contain a secret ticket for the group and the ID of the group. As soon as a user, who received the link, wants to join the group, she can request the server with the group ID to obtain all current group members. The secret ticket can now be sent to all existing group members encrypted such that the legitimate join can be verified.

Of course this would require engineering but the capability of WhatsApp, shipping drastic protocol updates, can be assumed since they applied end-to-end encryption in the first place.

[1] https://www.youtube.com/watch?v=i5i38WlHfds
[2] https://www.wired.com/story/whatsapp-security-flaws-encryption-group-chats/
[3] http://www.spiegel.de/netzwelt/apps/whatsapp-gruppenchats-schwachstelle-im-verschluesselungs-protokoll-a-1187338.html
[4] http://www.sueddeutsche.de/digital/it-sicherheit-wie-fremde-sich-in-whatsapp-gruppenchats-einladen-koennen-1.3821656
[5] https://techcrunch.com/2018/01/10/security-researchers-flag-invite-bug-in-whatsapp-group-chats/
[6] http://www.telegraph.co.uk/technology/2018/01/10/whatsapp-bug-raises-questions-group-message-privacy/
[7] http://www.handelsblatt.com/technik/it-internet/verschluesselung-umgangen-forscher-finden-sicherheitsluecke-bei-whatsapp/20836518.html
[8] https://www.heise.de/security/meldung/WhatsApp-und-Signal-Forscher-beschreiben-Schwaechen-verschluesselter-Gruppenchats-3942046.html
[9] https://www.theinquirer.net/inquirer/news/3024215/whatsapp-bug-lets-anyone-easily-infiltrate-private-group-chats
[10] http://www.dailymail.co.uk/sciencetech/article-5257713/WhatsApp-security-flaw-lets-spy-private-chats.html
[11] https://news.ycombinator.com/item?id=16117487
[12] https://eprint.iacr.org/2017/713.pdf
[13] https://twitter.com/alexstamos/status/951169036947107840

Further articles:
- Matthew Green's blog post: https://blog.cryptographyengineering.com/2018/01/10/attack-of-the-week-group-messaging-in-whatsapp-and-signal/
- Schneier on Security: https://www.schneier.com/blog/archives/2018/01/whatsapp_vulner.html
- Bild: http://www.bild.de/digital/smartphone-und-tablet/whatsapp/whatsapp-sicherheitsluecke-in-gruppenchats-54452080.bild.html
- Sun: https://www.thesun.co.uk/tech/5316110/new-whatsapp-bug-how-to-stay-safe/

Read more


  1. Pentest Tools Port Scanner
  2. Hack Tools Online
  3. Underground Hacker Sites
  4. Nsa Hack Tools Download
  5. Hacking Tools Kit
  6. Game Hacking
  7. Best Hacking Tools 2019
  8. New Hack Tools
  9. Hack Tools 2019
  10. Hacking Apps
  11. Pentest Reporting Tools
  12. Free Pentest Tools For Windows
  13. Hacker
  14. New Hack Tools
  15. Pentest Tools List
  16. Hacker Tool Kit
  17. Hacker Tools Apk
  18. Tools For Hacker
  19. Pentest Tools Subdomain
  20. Hacker Tools Mac
  21. Free Pentest Tools For Windows
  22. Hacking Tools Windows 10
  23. Hacking Tools Windows 10
  24. Pentest Tools Find Subdomains
  25. Pentest Tools Url Fuzzer
  26. Pentest Tools Find Subdomains
  27. Pentest Tools Open Source
  28. Hack Tools For Ubuntu
  29. Hacking Tools
  30. Hacking Tools For Windows 7
  31. Black Hat Hacker Tools
  32. Hacker Tool Kit
  33. Best Pentesting Tools 2018
  34. Hacking Tools 2019
  35. Hacking Tools Usb
  36. Nsa Hacker Tools
  37. Pentest Tools Website Vulnerability
  38. Pentest Tools Nmap
  39. Tools 4 Hack
  40. Pentest Tools Review
  41. Hacking Tools Download
  42. Hack App
  43. Pentest Tools Subdomain
  44. Pentest Tools Linux
  45. Hack Tools For Mac
  46. Best Hacking Tools 2020
  47. Best Hacking Tools 2020
  48. Ethical Hacker Tools
  49. Ethical Hacker Tools
  50. Pentest Tools Alternative
  51. Hack And Tools
  52. Hacking Tools And Software
  53. Pentest Tools For Ubuntu
  54. Hacking Tools Software
  55. Bluetooth Hacking Tools Kali
  56. Hack Tools 2019
  57. Hack Tools Online
  58. Hacking Tools
  59. Hacking Tools Online
  60. Hacker Tools
  61. Hacks And Tools
  62. Hack Tools Pc
  63. Pentest Tools Android
  64. Pentest Tools Kali Linux
  65. Hack Website Online Tool
  66. Pentest Tools Kali Linux
  67. Pentest Tools For Windows
  68. Hacking Tools Online
  69. Underground Hacker Sites
  70. Hacker Tools
  71. Hack Tools For Mac
  72. Pentest Tools For Mac
  73. Hackers Toolbox
  74. Hacking Tools For Pc
  75. Tools For Hacker
  76. Hacking Tools For Windows
  77. Hacking Tools For Mac
  78. Pentest Recon Tools
  79. Pentest Tools Online
  80. Hacker
  81. Hack Tools Github
  82. Hack Tools Github
  83. Beginner Hacker Tools
  84. Best Pentesting Tools 2018
  85. How To Install Pentest Tools In Ubuntu
  86. Hacker Techniques Tools And Incident Handling
  87. Hacking Tools For Pc
  88. Hak5 Tools
  89. Hacker Tools For Mac
  90. Pentest Tools Linux
  91. Hacking Tools Hardware
  92. Pentest Tools Framework
  93. Hacker Tools For Windows
  94. Hacker Tools Free
  95. Pentest Tools Download
  96. Tools For Hacker
  97. Pentest Tools For Ubuntu
  98. Hackrf Tools
  99. Hacking Tools Mac
  100. Pentest Tools Nmap
  101. Hacks And Tools
  102. Hacker Tools 2020
  103. Hacking Tools For Kali Linux
  104. Nsa Hack Tools Download
  105. Nsa Hack Tools Download
  106. Hacking Tools Name
  107. Pentest Recon Tools
  108. Hack Tools Online
  109. Hackrf Tools
  110. Hack Tool Apk No Root
  111. Hack Tools For Mac
  112. Pentest Box Tools Download
  113. New Hack Tools
  114. Pentest Tools Download
  115. Hacking Tools Windows 10
  116. Pentest Tools Linux
  117. Hackers Toolbox
  118. Hack Tools
  119. Black Hat Hacker Tools
  120. Pentest Tools Open Source
  121. Pentest Tools Free
  122. Hacker Tools 2020
  123. Hacking Tools For Beginners
  124. Beginner Hacker Tools
  125. Hacker Tools For Mac
  126. Hacker Tools Free Download
  127. Hack Tool Apk
  128. Hacking Tools For Pc
  129. Hack And Tools
  130. Best Hacking Tools 2019
  131. Hacking Tools And Software
  132. Hacking App
  133. Hacking Tools For Mac
  134. Hack Tools For Mac
  135. Hack App
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)