The Guardian: WhatsApp backdoor allows snooping on encrypted messages
by Volker Weber
WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
I see this as a potential threat, but not an imminent one. Solution: install Signal.
Update: Statements from WhatsApp (via respected dpa journalist @CDernbach) and UC Berkeley researcher Tobias Boelter. Plus a video with Tobias' talk.
[Thanks, Stephan]
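A toy model of the sender-side behaviour described in the quoted passage, added here as an illustration and not taken from WhatsApp, Signal or the original post. The `Sender` class, the `block_on_key_change` policy flag and the keys are hypothetical; no real cryptography is performed, the model only tracks which key fingerprint each message would be encrypted to.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    """Short fingerprint of a contact's public identity key."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class Sender:
    block_on_key_change: bool                     # hypothetical client policy switch
    pinned: dict = field(default_factory=dict)    # contact -> trusted fingerprint
    outbox: dict = field(default_factory=dict)    # contact -> undelivered plaintexts
    wire: list = field(default_factory=list)      # (contact, key fingerprint, text)
    alerts: list = field(default_factory=list)    # warnings shown to the user

    def send(self, contact, text):
        # Message goes out under the pinned key and stays queued until acked.
        self.wire.append((contact, self.pinned[contact], text))
        self.outbox.setdefault(contact, []).append(text)

    def delivered(self, contact, text):
        # Delivery receipt: the message will never be re-sent.
        self.outbox[contact].remove(text)

    def key_changed(self, contact, new_key: bytes):
        """The server announces a new identity key for a contact."""
        new_fp = fingerprint(new_key)
        if self.block_on_key_change:
            # Hold undelivered messages until the user verifies the new key.
            self.alerts.append(f"{contact}: key changed to {new_fp}, verify first")
            return
        # Behaviour the quoted passage describes: accept and re-send silently.
        self.pinned[contact] = new_fp
        for text in self.outbox.get(contact, []):
            self.wire.append((contact, new_fp, text))

    def verify(self, contact, new_key: bytes):
        """User confirmed the new key out of band; release held messages."""
        self.pinned[contact] = fingerprint(new_key)
        for text in self.outbox.get(contact, []):
            self.wire.append((contact, self.pinned[contact], text))

def run(block: bool):
    old_key, new_key = b"constructed-key-A", b"constructed-key-B"  # constructed sample keys
    s = Sender(block_on_key_change=block, pinned={"bob": fingerprint(old_key)})
    s.send("bob", "delivered msg"); s.delivered("bob", "delivered msg")
    s.send("bob", "pending msg")          # bob is offline, no delivery receipt
    s.key_changed("bob", new_key)
    # Messages that went out under the new key, plus any warnings raised.
    return [t for (_, fp, t) in s.wire if fp == fingerprint(new_key)], s.alerts
```

`run(False)` shows that only the undelivered message is re-sent under the new key, without any alert; `run(True)` shows nothing leaving the client until `verify` is called.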
Comments
And I am still not on the right track...
Well, I can't follow this technically. But the update says:
We do encrypt, but we keep a second key.
Interesting comment from Signal on this piece from The Guardian: https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Yes, we had that yesterday: https://vowe.net/archives/016177.html