{"id":3390,"date":"2017-01-18T17:23:04","date_gmt":"2017-01-18T22:23:04","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=3390"},"modified":"2020-12-15T11:15:49","modified_gmt":"2020-12-15T16:15:49","slug":"whatsapp-backdoor-not-exist","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/whatsapp-backdoor-not-exist\/","title":{"rendered":"Despite Report, the WhatsApp Backdoor Does Not Exist"},"content":{"rendered":"<h2>The Guardian\u2019s False Claims of a WhatsApp Backdoor Harm Users.<\/h2>\n<p>Last week, The Guardian <a href=\"https:\/\/www.theguardian.com\/technology\/2017\/jan\/13\/whatsapp-backdoor-allows-snooping-on-encrypted-messages\" rel=\"nofollow\">published a story about a \u201cbackdoor\u201d in the popular messaging app WhatsApp<\/a>. The story immediately sparked a strong reaction from the Info Sec community, who criticized the publication for wrongly classifying the vulnerability as a \u201cbackdoor.\u201d<\/p>\n<p>&nbsp;<\/p>\n<div style=\"background-color: orange; border: 1px solid darkgrey; color: black; padding: .75em; text-align: center;\">This article\u00a0deals with a WhatsApp vulnerability from January of 2017, for information on the desktop vulnerability discovered on March 15, <span style=\"text-decoration: underline;\">click here<\/span>.<\/div>\n<p>&nbsp;<\/p>\n<p>The Guardian\u2019s story focused on how WhatsApp handles keypair changes. 
Because of the app\u2019s behavior, which by default does not notify users when a keypair changes, The Guardian claimed WhatsApp had a backdoor which allowed \u201cFacebook and others,\u201d implying government actors, to \u201cintercept and read encrypted messages.\u201d<\/p>\n<p>The EFF described The Guardian\u2019s story as \u201c<a href=\"https:\/\/www.eff.org\/deeplinks\/2017\/01\/google-launches-key-transparency-while-tradeoff-whatsapp-called-backdoor\" rel=\"nofollow\">sensational<\/a>.\u201d SwiftOnSecurity (a popular Twitter persona in the Info Sec community) said that most experts they knew \u201c<a href=\"https:\/\/twitter.com\/SwiftOnSecurity\/status\/820841868879659008\" rel=\"nofollow\">have flatly rejected<\/a>\u201d the claims.<\/p>\n<h2>The WhatsApp Backdoor isn\u2019t a Backdoor at all<\/h2>\n<p>The issue at hand \u2013 how secure messaging apps should handle device\/key changes \u2013 has been described by Info Sec professionals as a design trade-off, not a backdoor.<\/p>\n<p>What WhatsApp has is a vulnerability. In this case, the <a href=\"https:\/\/www.thesslstore.com\/blog\/new-whatsapp-vulnerability\/\">WhatsApp security vulnerability<\/a> is the result of a purposeful design decision which prioritized usability over security.<\/p>\n<p>This is not just a case of undue nitpicking about technical terms. The distinction is incredibly important. A backdoor is a serious and well-understood threat to secure communication. With the recent popularity of secure messaging and end-to-end encryption, backdoors are also a real concern for users and security researchers.<\/p>\n<p>Users concerned with security certainly know what a backdoor is. After the lawsuit between Apple and the FBI over unlocking the iPhone used in the San Bernardino attack, even the general public has some familiarity. 
While the WhatsApp security vulnerability is nuanced, there is no excuse for misusing these terms.<\/p>\n<p>Raising false fears about a backdoor in an app used by one billion people is a major cause for concern. The Guardian <a href=\"https:\/\/www.theguardian.com\/technology\/2017\/jan\/13\/whatsapp-encryption-backdoor-snooping-signal\" rel=\"nofollow\">then published a follow-up,<\/a> essentially doubling down on its claim rather than responding to the valid criticism of the Info Sec community.<\/p>\n<h2>What is the WhatsApp Security Vulnerability?<\/h2>\n<p>The vulnerability itself is complicated \u2013 <a href=\"https:\/\/www.eff.org\/deeplinks\/2017\/01\/google-launches-key-transparency-while-tradeoff-whatsapp-called-backdoor\" rel=\"nofollow\">we think the EFF did a great job explaining it in depth<\/a>. But here is a quick(ish) summary:<\/p>\n<p>WhatsApp encrypts your messages using keypairs, similar to the way that the PGP and SSL\/TLS protocols work.<\/p>\n<p>When one of your contacts changes keypairs, WhatsApp does not alert you. In addition, any messages that are in transit (indicated by a single checkmark) are automatically re-encrypted and resent with that new keypair. By default, neither the sender nor the recipient would know this has happened.<\/p>\n<p>A keypair change is not necessarily a bad thing. It could be an intentional change as a result of reinstalling the app or changing SIM cards. For some users, especially in developing countries, these changes are common. For instance, in places where prepaid phones\/service is popular, you may be switching SIM cards on a monthly basis (or even more frequently).<\/p>\n<p>But a keypair change could also be performed by an attacker who has stolen your device or has the ability to implement network-level attacks (like a government).<\/p>\n<p>Because of WhatsApp\u2019s behavior, your messages, which were sent to a verified keypair, could be delivered to a new keypair (which you have not verified). 
This puts you at risk of sending sensitive information to an attacker, and with the default settings of WhatsApp, there is no way to stop this. This is essentially a \u2018silent\u2019 man-in-the-middle attack.<\/p>\n<p>Sounds bad, right? It is true that this is not ideal, and that there is a security risk here. But this is the result of a decision that has no perfect solutions. If you decide to resend the messages, like WhatsApp did, you run the risk of letting an attacker receive sensitive messages, but it allows for a seamless discussion (more usable). If you block the messages, then the recipient may miss important information and it causes a gap in the conversation (more secure). This is the tradeoff.<\/p>\n<h2>Why the WhatsApp Security Vulnerability isn\u2019t a Backdoor<\/h2>\n<p>So we have established what the WhatsApp Security Vulnerability is, but why is it not a backdoor?<\/p>\n<p>A backdoor is an intentionally designed secret way to gain access to a system. In the context of secure communication, a backdoor is usually designed to circumvent encryption or other measures that protect users.<\/p>\n<p>A backdoor could be designed by the developers, or snuck in. Last year, <a href=\"https:\/\/blog.cryptographyengineering.com\/2015\/12\/22\/on-juniper-backdoor\/\" rel=\"nofollow\">a true backdoor was found<\/a> in an operating system written by Juniper Systems. That backdoor allowed the system\u2019s encryption to be trivially defeated. It was inconclusive if Juniper knew the backdoor existed, or if a third-party had managed to get it into their code.<\/p>\n<p>A vulnerability, on the other hand, is the result of an accidental design flaw or bug. In this case, WhatsApp\u2019s vulnerability can be described as a design flaw. 
Though we think it\u2019s more fair to describe it as a necessary trade-off.<\/p>\n<p>Another key part of a backdoor is that it is undocumented and hidden. Given that WhatsApp has an optional setting to notify you of key changes, it\u2019s hard to argue this vulnerability meets any of these requirements.<\/p>\n<p>Last year, WhatsApp adopted the Signal protocol for end-to-end encryption. Signal is both the name of a secure messaging app, and a protocol. Both the app and protocol were created by Open Whisper Systems, and both are widely regarded as the best options for secure communication.<\/p>\n<p>However, WhatsApp chose to make different decisions for its implementation and default settings. Signal, which is primarily designed and advertised as a secure messenger, does not have the same vulnerability as WhatsApp. In Signal, when a user changes keys, it \u201cblocks\u201d the conversation until the sender acknowledges and verifies the new key. Any messages that were not yet delivered to the recipient are lost and need to be resent.<\/p>\n<p>The Guardian characterized WhatsApp\u2019s vulnerability as a backdoor due to the contrasting choices the apps made with regard to a key change. But we want to reiterate: <strong>This is not a backdoor<\/strong>. Even Moxie Marlinspike, co-founder of Open Whisper Systems and co-creator of the Signal protocol, <a href=\"https:\/\/signal.org\/blog\/there-is-no-whatsapp-backdoor\/\" rel=\"nofollow\">has said that this is not a backdoor<\/a>.<\/p>\n<p>This is an intentional design decision by WhatsApp. The alternative choice \u2013 to block messages \u2013 has its own disadvantages. The tradeoff here is between usability and security, and WhatsApp, being a mainstream app, chose usability. It is hard to fault WhatsApp when you consider its core audience.<\/p>\n<h2>Calling it a Backdoor is Irresponsible<\/h2>\n<p>After The Guardian published its article, Zeynep Tufekci took to Twitter to criticize its inaccurate claims. 
Tufekci, a professor, journalist, and activist, spends time educating people in Turkey about secure communication.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">.<a href=\"https:\/\/twitter.com\/SamuelGibbs\">@SamuelGibbs<\/a> OFFICIALS IN TURKEY USING YOUR MISLEADING PIECE ON THE NON-EXISTENT WHATSAPP &#8220;BACKDOOR&#8221; TO PUSH FOLKS TO INSECURE CHANNELS.<\/p>\n<p>\u2014 Zeynep Tufekci (@zeynep) <a href=\"https:\/\/twitter.com\/zeynep\/status\/820737140296470528\">January 15, 2017<\/a><\/p><\/blockquote>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">No, that is exactly what happens. People falsely told that WhatsApp has a backdoor, so might as well use easy SMS&#8230; <a href=\"https:\/\/t.co\/UAa14yu6Kg\">https:\/\/t.co\/UAa14yu6Kg<\/a><\/p>\n<p>\u2014 Zeynep Tufekci (@zeynep) <a href=\"https:\/\/twitter.com\/zeynep\/status\/820742160467324930\">January 15, 2017<\/a><\/p><\/blockquote>\n<p>The Guardian\u2019s misuse of the term \u201cbackdoor\u201d has allowed misinformation to spread, and allowed nefarious organizations to deter people from using secure messaging. There is real irresponsibility in misusing the term \u201cbackdoor,\u201d much in the same way that using the term \u201cpandemic\u201d to describe a few people getting sick would be irresponsible. We need to remember that most people are not reading past the headline, and central claims will be quoted and reposted without context.<\/p>\n<p>Users do get fatigued and discouraged. 
If you tell them that WhatsApp has a \u201cbackdoor\u201d and will leave them as vulnerable as SMS text messaging, they will become frustrated, and they will go back to SMS because it\u2019s more familiar.<\/p>\n<p>If there are major problems with a program\u2019s security, it should be called out. Other messaging apps, like Telegram, have widely been discredited as \u201csecure messengers\u201d due to a number of serious design flaws. But in this case, the alarm over WhatsApp will do more harm than good.<\/p>\n<p>The EFF recommends that \u201cif you are a high-risk user whose safety might be compromised by a single revealed message, you may want to consider alternative applications.\u201d The overwhelming recommendation from the Info Sec community is to use Signal for secure messaging. There is an app available for <a href=\"https:\/\/itunes.apple.com\/us\/app\/signal-private-messenger\/id874139669?mt=8\" rel=\"nofollow\">iOS<\/a>, <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=org.thoughtcrime.securesms&amp;hl=en\" rel=\"nofollow\">Android<\/a>, and <a href=\"https:\/\/signal.org\/\" rel=\"nofollow\">macOS<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Guardian\u2019s False Claims of a WhatsApp Backdoor Harm Users. Last week, The Guardian published a story about a \u201cbackdoor\u201d in the popular messaging app WhatsApp. 
The story immediately sparked&#8230;<\/p>\n","protected":false},"author":2,"featured_media":3391,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[175,182,353,355,354,352,351,350],"class_list":["post-3390","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","tag-cybersecurity","tag-encryption","tag-info-sec-community","tag-signal","tag-the-guardian","tag-whatsapp","tag-whatsapp-backdoor","tag-whatsapp-security-vulnerability","post-with-tags"],"views":8101,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2017\/01\/iStock-508960236.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=3390"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3390\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/3391"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=3390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=3390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\
/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=3390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}