Sunday, August 30, 2020

Group Instant Messaging: Why Blaming Developers Is Not Fair But Enhancing The Protocols Would Be Appropriate

After presenting our work at Real World Crypto 2018 [1] and seeing the enormous press coverage, we want to get two things straight: 1. Most described weaknesses are only exploitable by the malicious server or by knowing a large secret number and thereby the protocols are still very secure (what we wrote in the paper but some newspapers did not adopt) and 2. we see ways to enhance the WhatsApp protocol without breaking its features.


We are of course very happy that our research reached so many people and even though IT security and cryptography are often hard to understand for outsiders, Andy Greenberg [2], Patrick Beuth [3] and other journalists [4,5,6,7,8] wrote articles that were understandable on the one hand and very accurate and precise on the other hand. In contrast to this, we also saw some inaccurate articles [9,10] that fanned fear and greatly diverged in their description from what we wrote in our paper. We expected this from the boulevard press in Germany and therefore asked them to stick to the facts when they were contacting us. But none of the worst two articles' [9,10] authors contacted us in advance. Since our aim was never to blame any application or protocol but rather we wanted to encourage the developers to enhance the protocols, it contradicts our aim that WhatsApp and Signal are partially declared attackable by "anyone" "easily" [9,10].

Against this background, we understand Moxie's vexation about certain headlines that were on the Internet in the last days [11]. However, we believe that the ones who understand the weaknesses, comprehend that only the malicious server can detectably make use of them (in WhatsApp) or the secret group ID needs to be obtained from a member (in Signal). As such, we want to make clear that our paper does not primarily focus on the description of weaknesses but presents a new approach for analyzing and evaluating the security of group instant messaging protocols. Further we propose measures to enhance the analyzed protocols. The description of the protocols' weaknesses is only one part of the evaluation of our analysis approach and thereby of the investigation of real world protocols. This is the scientific contribution of our paper. The practical contribution of the analyzed messengers, which is the communication confidentiality for billion users (in most cases), is great and should be noted. Therefore we believe that being Signal, WhatsApp, or Threema by applying encryption to all messages and consequently risking research with negative results is much better than being a messenger that does not encrypt group messages end-to-end at all. We do not want to blame messengers that are far less secure (read Moxie's post [11] if you are interested).

Finally we want note that applying security measures according to the ticket approach (as we call it in the paper [12]) to the invitation links would solve the issues that Facebook's security head mentioned in his reply [13] on our findings. To our knowledge, adding authenticity to group update messages would not affect invitation links: If no invitation link was generated for a group, group members should only accept joining users if they were added by an authentic group update message. As soon as a group invitation link was generated, all joining users would need to be accepted as new group members with the current design. However there are plenty ways how WhatsApp could use invitation links without endowing the server with the power to manage groups without the group admins' permission:
One approach would be generating the invitation links secretly and sharing them without the knowledge of the server. An invitation link could then contain a secret ticket for the group and the ID of the group. As soon as a user, who received the link, wants to join the group, she can request the server with the group ID to obtain all current group members. The secret ticket can now be sent to all existing group members encrypted such that the legitimate join can be verified.

Of course this would require engineering but the capability of WhatsApp, shipping drastic protocol updates, can be assumed since they applied end-to-end encryption in the first place.

[1] https://www.youtube.com/watch?v=i5i38WlHfds
[2] https://www.wired.com/story/whatsapp-security-flaws-encryption-group-chats/
[3] http://www.spiegel.de/netzwelt/apps/whatsapp-gruppenchats-schwachstelle-im-verschluesselungs-protokoll-a-1187338.html
[4] http://www.sueddeutsche.de/digital/it-sicherheit-wie-fremde-sich-in-whatsapp-gruppenchats-einladen-koennen-1.3821656
[5] https://techcrunch.com/2018/01/10/security-researchers-flag-invite-bug-in-whatsapp-group-chats/
[6] http://www.telegraph.co.uk/technology/2018/01/10/whatsapp-bug-raises-questions-group-message-privacy/
[7] http://www.handelsblatt.com/technik/it-internet/verschluesselung-umgangen-forscher-finden-sicherheitsluecke-bei-whatsapp/20836518.html
[8] https://www.heise.de/security/meldung/WhatsApp-und-Signal-Forscher-beschreiben-Schwaechen-verschluesselter-Gruppenchats-3942046.html
[9] https://www.theinquirer.net/inquirer/news/3024215/whatsapp-bug-lets-anyone-easily-infiltrate-private-group-chats
[10] http://www.dailymail.co.uk/sciencetech/article-5257713/WhatsApp-security-flaw-lets-spy-private-chats.html
[11] https://news.ycombinator.com/item?id=16117487
[12] https://eprint.iacr.org/2017/713.pdf
[13] https://twitter.com/alexstamos/status/951169036947107840

Further articles:
- Matthew Green's blog post: https://blog.cryptographyengineering.com/2018/01/10/attack-of-the-week-group-messaging-in-whatsapp-and-signal/
- Schneier on Security: https://www.schneier.com/blog/archives/2018/01/whatsapp_vulner.html
- Bild: http://www.bild.de/digital/smartphone-und-tablet/whatsapp/whatsapp-sicherheitsluecke-in-gruppenchats-54452080.bild.html
- Sun: https://www.thesun.co.uk/tech/5316110/new-whatsapp-bug-how-to-stay-safe/
More information
  1. Hacker Tools Github
  2. Underground Hacker Sites
  3. New Hacker Tools
  4. Hacking Tools Name
  5. Hack Tools
  6. Install Pentest Tools Ubuntu
  7. Hack Tools For Games
  8. Black Hat Hacker Tools
  9. Hacker Tools Mac
  10. Hacker Tools Linux
  11. Pentest Tools
  12. Pentest Tools Website
  13. Hacker Tools List
  14. How To Install Pentest Tools In Ubuntu
  15. Hacker Tool Kit
  16. How To Hack
  17. Hak5 Tools
  18. Hacking Tools For Kali Linux
  19. Hack Tools Online
  20. Hacking Apps
  21. Hacking Tools For Windows
  22. Hacking Tools For Kali Linux
  23. Hacking Tools Windows 10
  24. What Is Hacking Tools
  25. Hacker Hardware Tools
  26. Computer Hacker
  27. Pentest Tools For Android
  28. Hack Website Online Tool
  29. Hacker Tool Kit
  30. Hack Website Online Tool
  31. Pentest Tools Open Source
  32. Pentest Tools Online
  33. Bluetooth Hacking Tools Kali
  34. Hacker Tools For Mac
  35. Pentest Tools Android
  36. Pentest Tools For Android
  37. Beginner Hacker Tools
  38. Hacking Tools
  39. Hacker Tool Kit
  40. Hacker Tools For Mac
  41. Hacker Tools For Pc
  42. Pentest Tools Website Vulnerability
  43. Hacking Tools For Kali Linux
  44. Pentest Tools Website
  45. Hacking Tools Free Download
  46. Pentest Recon Tools
  47. Pentest Tools For Ubuntu
  48. Hacker Tools For Mac
  49. Pentest Tools Framework
  50. Tools For Hacker
  51. Hacker Tools 2019
  52. Game Hacking
  53. Hacking Tools Online
  54. Pentest Tools Tcp Port Scanner
  55. Game Hacking
  56. Hacker Tools Mac
  57. Hacker Tools Linux
  58. Blackhat Hacker Tools
  59. Pentest Tools Open Source
  60. Blackhat Hacker Tools
  61. Hacking Tools For Windows 7
  62. Hack App
  63. Hacking Tools For Pc
  64. Github Hacking Tools
  65. Hack Tool Apk
  66. Pentest Tools Linux
  67. Hacking Tools For Beginners
  68. Hacker Tools Github
  69. Pentest Tools Port Scanner
  70. Install Pentest Tools Ubuntu
  71. Pentest Reporting Tools
  72. How To Install Pentest Tools In Ubuntu
  73. Hack Tools Online
  74. Pentest Tools Framework
  75. Tools 4 Hack
  76. Pentest Tools Alternative
  77. Tools Used For Hacking
  78. Pentest Tools Url Fuzzer
  79. Pentest Tools Url Fuzzer
  80. Hacks And Tools
  81. Hacking Tools For Windows Free Download
  82. Black Hat Hacker Tools
  83. Pentest Tools For Mac
  84. Hacking Tools Usb
  85. Hacker Tool Kit
  86. Pentest Tools Bluekeep
  87. Pentest Tools Alternative
  88. Tools 4 Hack
  89. Hacker Tools 2020
  90. Bluetooth Hacking Tools Kali
  91. What Are Hacking Tools
  92. Hack Tools For Pc
  93. Pentest Tools Port Scanner
  94. Hack Website Online Tool
  95. Pentest Box Tools Download
  96. Hacking App
  97. Hack Tools Mac
  98. Hacker Tools List
  99. Blackhat Hacker Tools
  100. Hacker Tools For Ios
  101. Pentest Tools Nmap
  102. Best Pentesting Tools 2018
  103. Hack And Tools
  104. Hacker Tools
  105. Hack Tools Online
  106. Hack Tools Mac
  107. Hacking Tools Github
  108. Hacker Tools List
  109. Hacker Tools List
  110. How To Make Hacking Tools
  111. Easy Hack Tools
  112. Hacker Tools Mac
  113. Pentest Tools Online
  114. Beginner Hacker Tools
  115. Hacker Tools Online
  116. Growth Hacker Tools
  117. Hacking Tools Pc
  118. Hacker Tools Free
  119. Hacking Tools Download
  120. Pentest Tools Website Vulnerability
  121. What Is Hacking Tools
  122. Pentest Tools Online
  123. Pentest Tools Port Scanner
  124. What Is Hacking Tools
  125. Hacker Security Tools
  126. Hacker Tools
  127. Hack Tools
  128. Hacker Security Tools
  129. Hack Tools For Games
  130. Bluetooth Hacking Tools Kali
  131. Hacking Apps
  132. Nsa Hacker Tools
  133. Hacking Tools For Pc
  134. Hacker Tools For Pc
  135. Hacking Tools 2019
  136. Hacking Tools Name
  137. Bluetooth Hacking Tools Kali
  138. How To Install Pentest Tools In Ubuntu
  139. Hacker Tools For Mac
  140. Pentest Tools Online
  141. Hacking Tools For Games
  142. Hacker Tools For Mac
  143. Pentest Recon Tools
  144. Hacker Security Tools
  145. Hacking Tools Pc
  146. Nsa Hacker Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)