The Guardian’s False Claims of a WhatsApp Backdoor Harm Users.
Last week, The Guardian published a story about a “backdoor” in the popular messaging app WhatsApp. The story immediately sparked a strong reaction from the Info Sec community, who criticized the publication for wrongly classifying the vulnerability as a “backdoor.”
The Guardian’s story focused on how WhatsApp handles keypair changes. Because of the app’s behavior, which by default does not notify users when a keypair changes, The Guardian claimed WhatsApp had a backdoor which allowed “Facebook and others,” implying government actors, to “intercept and read encrypted messages.”
The WhatsApp Backdoor isn’t a Backdoor at all
The issue at hand – how secure messaging apps should handle device/key changes – has been described by Info Sec professionals as a design trade-off, not a backdoor.
What WhatsApp has is a vulnerability. In this case, the WhatsApp security vulnerability is the result of a purposeful design decision which prioritized usability over security.
This is not just a case of undue nitpicking about technical terms. The distinction is incredibly important. A backdoor is a serious and well understood threat to secure communication. With the recent popularity of secure messaging and end-to-end encryption, backdoors are also a real concern for users and security researchers.
Users concerned with security certainly know what a backdoor is. After the lawsuit between Apple and the FBI over unlocking the iPhone used in the San Bernardino attack, even the general public has some familiarity. While the WhatsApp security vulnerability is nuanced, there is no excuse for misusing these terms.
Raising false fears about a backdoor in an app used by one billion people is a major cause for concern. The Guardian then published a follow-up, essentially doubling down on its claim rather than responding to the valid criticism of the Info Sec community.
What is the WhatsApp Security Vulnerability?
The vulnerability itself is complicated – we think the EFF did a great job explaining it in depth. But here is a quick(ish) summary:
WhatsApp encrypts your messages using keypairs, similar to the way that the PGP and SSL/TLS protocols work.
When one of your contacts changes keypairs, WhatsApp does not alert you. In addition, any messages that are in transit (indicated by a single checkmark) are automatically re-encrypted and resent with that new keypair. By default, neither the sender nor the recipient would know this has happened.
A keypair change is not necessarily a bad thing. It could be an intentional change as a result of reinstalling the app or changing SIM cards. For some users, especially in developing countries, these changes are common. For instance, in places where prepaid phones/service is popular, you may be switching SIM cards on a monthly basis (or even more frequently).
But a keypair change could also be performed by an attacker who has stolen your device or has the ability to implement network-level attacks (like a government).
Because of WhatsApp’s behavior, your messages, which were sent to a verified keypair, could be delivered to a new keypair (which you have not verified). This puts you at risk of sending sensitive information to an attacker, and with the default settings of WhatsApp, there is no way to stop this. This is essentially a ‘silent’ man-in-the-middle attack.
Sounds bad, right? It is true that this is not ideal, and that there is a security risk here. But this is the result of a decision that has no perfect solutions. If you decide to resend the messages, like WhatsApp did, you run the risk of letting an attacker receive sensitive messages, but it allows for a seamless discussion (more usable). If you block the messages, then the recipient may miss important information and it causes a gap in the conversation (more secure). This is the tradeoff.
Why the WhatsApp Security Vulnerability isn’t a Backdoor
So we have established what the WhatsApp Security Vulnerability is, but why is it not a backdoor?
A backdoor is an intentionally designed secret way to gain access to a system. In the context of secure communication, a backdoor is usually designed to circumvent encryption or other measures that protect users.
A backdoor could be designed by the developers, or snuck in. Last year, a true backdoor was found in an operating system written by Juniper Systems. That backdoor allowed the system’s encryption to be trivially defeated. It was inconclusive if Juniper knew the backdoor existed, or if a third-party had managed to get it into their code.
A vulnerability, on the other hand, is the result of an accidental design flaw or bug. In this case, WhatsApp’s vulnerability can be described as a design flaw, though we think it’s fairer to describe it as a necessary trade-off.
Another key part of a backdoor is that it is undocumented and hidden. Given that WhatsApp has an optional setting to notify you of key changes, it’s hard to argue this vulnerability meets any of these requirements.
Last year, WhatsApp adopted the Signal protocol for end-to-end encryption. Signal is both the name of a secure messaging app, and a protocol. Both the app and protocol were created by Open Whisper Systems, and both are widely regarded as the best options for secure communication.
However, WhatsApp chose to make different decisions for its implementation and default settings. Signal, which is primarily designed and advertised as a secure messenger, does not have the same vulnerability as WhatsApp. In Signal, when a user changes keys, it “blocks” the conversation until the sender acknowledges and verifies the new key. Any messages that were not yet delivered to the recipient are lost and need to be resent.
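The two key-change policies described above, modelled side by side as an added sketch (not code from WhatsApp, Signal, or the original article), so you can see which in-transit messages end up encrypted to a key the sender never verified. The policy labels, class and function names, fingerprint format and sample keys are all constructed for illustration, and the sketch assumes the optional notification only alerts the sender and does not hold messages.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(public_key: bytes) -> str:
    # Constructed short fingerprint format, for illustration only.
    return hashlib.sha256(public_key).hexdigest()[:16]

@dataclass
class Conversation:
    policy: str                 # "resend" or "block" (labels invented for this sketch)
    verified_fp: str            # fingerprint the sender verified out of band
    notify: bool = False        # models the optional key-change notification
    current_fp: str = ""
    pending: list = field(default_factory=list)    # sent but undelivered messages
    delivered: list = field(default_factory=list)  # (message, fingerprint encrypted to)
    dropped: list = field(default_factory=list)    # undelivered messages that were not resent
    alerts: list = field(default_factory=list)

    def __post_init__(self):
        self.current_fp = self.verified_fp

    def key_changed(self, new_public_key: bytes) -> None:
        self.current_fp = fingerprint(new_public_key)
        if self.current_fp == self.verified_fp:
            return
        if self.policy == "block":
            # Hold the conversation; undelivered messages are not re-encrypted.
            self.alerts.append("key changed: verify before sending")
            self.dropped, self.pending = self.pending, []
            return
        if self.notify:
            self.alerts.append("key changed")
        # Re-encrypt and resend undelivered messages to the new, unverified key.
        self.delivered += [(m, self.current_fp) for m in self.pending]
        self.pending = []

    def sent_to_unverified(self) -> list:
        # Audit: messages that were encrypted to a key the sender never verified.
        return [m for m, fp in self.delivered if fp != self.verified_fp]

def simulate(policy: str, notify: bool = False) -> Conversation:
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"  # sample bytes
    c = Conversation(policy, fingerprint(old_key), notify)
    c.delivered.append(("hello", c.verified_fp))   # delivered before the change
    c.pending.append("meet at 6pm")                # still in transit (single checkmark)
    c.key_changed(new_key)
    return c
```

Under "resend" the in-transit message reaches the unverified key whether or not the alert is enabled; under "block" it is dropped and the sender has to verify the new key and send it again.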
The Guardian characterized WhatsApp’s vulnerability as a backdoor due to the contrasting choices the apps made in regards to a key change. But we want to reiterate: This is not a backdoor. Even Moxie Marlinspike, co-founder of Open Whisper Systems and co-creator of the Signal protocol, has said that this is not a backdoor.
This is an intentional design decision by WhatsApp. The alternative choice – to block messages – has its own disadvantages. The tradeoff here is between usability and security, and WhatsApp, being a mainstream app, chose usability. It is hard to fault WhatsApp when you consider its core audience.
Calling it a Backdoor is Irresponsible
After The Guardian published its article, Zeynep Tufekci took to Twitter to criticize its inaccurate claims. Tufekci, a professor, journalist, and activist, spends time educating people in Turkey about secure communication.
.@SamuelGibbs OFFICIALS IN TURKEY USING YOUR MISLEADING PIECE ON THE NON-EXISTENT WHATSAPP “BACKDOOR” TO PUSH FOLKS TO INSECURE CHANNELS.
— Zeynep Tufekci (@zeynep) January 15, 2017
No, that is exactly what happens. People falsely told that WhatsApp has a backdoor, so might as well use easy SMS… https://t.co/UAa14yu6Kg
— Zeynep Tufekci (@zeynep) January 15, 2017
The Guardian’s misuse of the term “backdoor” has allowed misinformation to spread, and allowed nefarious organizations to deter people from using secure messaging. There is real irresponsibility in misusing the term “backdoor,” much in the same way that using the term “pandemic” to describe a few people getting sick would be irresponsible. We need to remember that most people are not reading past the headline, and central claims will be quoted and reposted without context.
Users do get fatigued and discouraged. If you tell them that WhatsApp has a “backdoor” and will leave them as vulnerable as SMS text messaging, they will become frustrated, and they will go back to SMS because it’s more familiar.
If there are major problems with a program’s security, it should be called out. Other messaging apps, like Telegram, have widely been discredited as “secure messengers” due to a number of serious design flaws. But in this case, the alarm over WhatsApp will do more harm than good.
The EFF recommends that “if you are a high-risk user whose safety might be compromised by a single revealed message, you may want to consider alternative applications.” The overwhelming recommendation from the Info Sec community is to use Signal for secure messaging. There is an app available for iOS, Android, and macOS.