Friday, January 13, 2017

The WhatsApp flaw that would allow a user's messages to be read – ElEspectador.com

In April of last year, WhatsApp introduced end-to-end encryption of communications with much fanfare. The news was no minor matter, given the popularity of the application and the technical difficulties the change entailed.

At the time, online privacy activists and organizations applauded the move, as it represented a great step forward in the unending task of securing the digital communications of millions of people around the world.

This Friday, the British newspaper The Guardian published an exclusive investigation detailing a backdoor in the application's encryption system: in short, WhatsApp communications can be read by the company and by Facebook (the company that owns the messaging app). A Twitter user said the following: "The so-called encryption that does not exist."

The genius of the end-to-end encryption the application implemented is that it runs on a secure protocol recommended by people like Edward Snowden, a former CIA contractor, and makes it impossible for WhatsApp to read the messages its users transmit. And if communications cannot be decrypted by the owner of the application, neither can they be decrypted by other interested parties: criminals and government security agencies, which sometimes tend to behave like criminals in these matters.

With what The Guardian has published, the big problem is precisely this: not so much that WhatsApp and Facebook can read the communications (a possibility that is frightening in itself), but that it opens up the possibility for governments to continue obtaining users' messages through court orders. In the United States, for example, many of these actions are carried out in secret and are issued by a court known as FISA; in the end, the user is never notified that their messages are being investigated by the authorities.

The Guardian's investigation is based on the work of Tobias Boelter, a digital security and cryptography researcher at the University of California, Berkeley. In statements to the English daily, the academic said that "if a government agency asks WhatsApp to reveal the history of conversations, the company can provide this access because of the change in the keys of the messages."

An encrypted message is, in simple terms, a communication that is sent locked with a kind of key to a user who, in turn, has another key to open the message. This is why the method is called end-to-end encryption: the information transmitted is protected along its journey, which prevents its contents from being read in transit, so to speak.

The weak spot in the way WhatsApp has implemented its encryption protocol revolves around how a user receives a message that was sent while he was offline. The idea of encryption is to generate unique keys for the information, but the app has the ability to create new keys for communications that were sent to a user who was disconnected. And this is where the magic of end-to-end encryption breaks.

This key change is made without the control of the users in a conversation, and the sender sees a notification about the change only once the information has been re-sent, says The Guardian.

In contrast, Signal, an application that uses the same encryption protocol as WhatsApp, does not automatically send a message if its recipient changed encryption keys while disconnected: that is, the app does not allow information to be transferred if one of the parties to the communication changes their encryption credentials.
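The two behaviours described above can be put side by side in a small model. This is an added example, not code from WhatsApp, Signal or the original article: the class, method and policy names are hypothetical, the keys are constructed sample values, and "sending" only tags a message with the recipient key's fingerprint instead of performing real encryption.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    """Short fingerprint two users could compare out of band."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class Sender:
    policy: str        # "non_blocking" (WhatsApp as described) or "blocking" (Signal)
    trusted_fp: str    # fingerprint of the recipient key the sender last accepted
    pending: list = field(default_factory=list)  # undelivered plaintexts
    sent: list = field(default_factory=list)     # (fingerprint, plaintext) envelopes
    events: list = field(default_factory=list)   # what the user sees, in order

    def on_recipient_key(self, identity_key: bytes) -> None:
        """The server announces the key the recipient came back online with."""
        fp = fingerprint(identity_key)
        changed = fp != self.trusted_fp
        if changed and self.policy == "blocking":
            # Hold undelivered messages until the user accepts the new key.
            self.events.append(f"blocked: key changed to {fp}")
            return
        self._flush(fp)
        if changed:
            # The notice appears only after the messages were re-sent.
            self.trusted_fp = fp
            self.events.append(f"notice: key changed to {fp}")

    def approve(self, identity_key: bytes) -> None:
        """The user verified the new fingerprint out of band and accepts it."""
        self.trusted_fp = fingerprint(identity_key)
        self._flush(self.trusted_fp)

    def _flush(self, fp: str) -> None:
        for msg in self.pending:
            self.sent.append((fp, msg))  # stands in for encrypting to this key
            self.events.append(f"sent to {fp}")
        self.pending.clear()

def run(policy: str):
    # Constructed sample keys: A is the key the sender trusted, B the new one.
    old_key, new_key = b"constructed-key-A", b"constructed-key-B"
    s = Sender(policy, fingerprint(old_key), pending=["meet at 6"])
    s.on_recipient_key(new_key)
    return s, fingerprint(new_key)
```

Under the non-blocking policy the pending message goes out under the new key before the sender sees any notice; under the blocking policy nothing leaves the queue until `approve` is called.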

According to the English newspaper, Boelter, the researcher behind this revelation, reported his discovery to Facebook in April of last year. The company replied that this was "expected behavior" and that it was not actively working on resolving this scenario. The Guardian verified on its own, and through third parties, that the weakness in WhatsApp's encryption still exists.

This is not an easy issue, and there seems to be no absolute consensus about Boelter's findings. Several experts have come out to debate the veracity of the newspaper's report and, although they don't call it false, what they do debate is whether re-sending messages with new keys in fact constitutes a backdoor in the application's encryption.

For example, Frederic Jacobs, an expert on the protocol used by the application, said that "it is ridiculous that this is presented as a backdoor in the system. If the user does not check the keys, the authenticity of the keys is not guaranteed. That is a recognized fact."

The implementation of WhatsApp's encryption was handled by people like Moxie Marlinspike, a digital security expert, who is also behind Signal (the app recommended by Snowden).
