Encrypt all the things!

  • Thanks.

    Is my understanding and explanation of the end-to-end point correct?

  • TBH, I don't know for sure that it's encrypted at-rest on their servers... but you've got the in-between bit right.

  • Thanks.

  • Is my understanding and explanation of the end-to-end point correct?

    [EDIT] When the Whatsapp client is installed and run for the first time it creates a public key and a private key. Anything encrypted with the public key can only be decrypted with the private key. The public key is sent to Whatsapp's servers (and anyone that wants to communicate with you). The private key is not sent anywhere and should only remain on the phone. The private key is unrecoverable so if you lose your phone you either need a backup of your phone (e.g. using iTunes/cloud for Apple) or the private key is gone forever.

    [EDIT] WhatsApp web interface is still secure. I'll give an outline of how that works without WhatsApp being able to read any messages a bit later if anyone is interested.

    The communications are encrypted end-to-end, that is, each message you send to an individual is encrypted in such a way that only that end user should be able to decrypt it. (The messages are encrypted with a public key but can only be decrypted with the corresponding private key.)

    If you send a message to a group then actually you're sending messages to each person individually using their unique key.

    So, in either case above, Whatsapp (servers) should not be able to see the unencrypted contents of any message. But they do know the metadata, e.g. you sent a message to person B, or that you have persons C, D and E in your contacts, or that you're in a group with persons F, G and H. They have to know this so they can deliver your messages appropriately. This metadata is still valuable even if they can't read the content of the messages.

    However, and here's the first but (there are three), Whatsapp also controls the client which obviously has access to the private key that is required to decrypt messages, otherwise it wouldn't be able to display the decrypted messages to you.

    It also controls which keys a message is encrypted with when you send a message. If the messages you send are only encrypted with the public key of the recipients then Whatsapp cannot know the contents of your message as Whatsapp should not know any of the private keys.

    You are relying on Whatsapp to play nicely. They could:
    a) Encrypt each message you send with an extra key that Whatsapp has the private key for, and also send this each time, and so they'd be able to decrypt every message sent by anyone.
    b) Act as a Person-In-The-Middle and tell you that Person B's public key is X (when it is actually Y) and when you send a message to B you encrypt it with X, but Whatsapp intercepts this, decrypts it (as they have the corresponding private key for X), stores the message and re-encrypts it with public key Y and then sends it on to B, which then decrypts it without any idea that it has been messed about with.
    c) The WhatsApp client could take your private key (which should remain only on your client) and send it to WhatsApp. They could exfiltrate it bit by bit inside other WhatsApp communications and you'd never know and people would be very unlikely to notice.
    d) The WhatsApp client could purposely generate 'weak' or easily attackable keys, so that someone with a bit of computing grunt could determine the private key from just the public key.
    e) ...lots of other possibilities...

    The source code for the client is not public, and even if it was, there's no way to verify that the app you are running on your phone was built from that source code. There's a lot of trust there (and being a FB company there's not much trust going around).

    The second 'but' relates to backups of your chats. If you enable this then Whatsapp stores a backup of your chats on Google Drive and they are encrypted with a key that is derived from your phone number. This means that if you lose your phone then you can retrieve all of your old messages as Whatsapp can restore this backup onto your phone as it can work out the key again.

    If Whatsapp can do this onto a new phone they can, theoretically, retrieve any chat backup from Google Drive, derive the key from the corresponding phone number, and then pore through the messages at their leisure. They can also hand over the key derivation function to a nation state (such as a three letter agency in the US) which will also have access to arbitrary Google Drive information, and so they can look through anyone's Whatsapp data.

    The final 'but' is the leaking of information due to link previews. That doesn't leak the specific content of messages but it does leak valuable information.

    Signal is better in many respects, but nothing can be perfect. Signal doesn't offer the same backup with obvious security flaws. Signal has open source code (and people do perform verifiable builds). etc.

  • How does the Whatsapp web interface work then?

    The QR code you scan is effectively another public key.

    When you first go to the Whatsapp Web interface the client side website code creates a new public/private key pair. It presents the public key in the form of QR code that you scan on your phone.

    Your phone can now send anything through Whatsapp's servers to that web client and encrypt the messages with the public key the web client created. The web client is able to decrypt the messages using the private key which it stores in the local browser's local storage.

    Now that a secure communications channel exists between the two, the web client is able to request the current state of your phone's WhatsApp with messages routed via WhatsApp's servers. That's how it can get the recent messages, chats, etc to be displayed on the web page. It doesn't get the messages from Whatsapp, it gets them from your phone but just happens to use WhatsApp's servers to do so.

    This is why it only works if the phone has access to the Internet: the messages to ask the phone the current state are routed through Whatsapp's servers, but they can only be replied to if your phone is alive, connected and working. I've left my phone at home once when commuting into the office (over a year ago!) and I was still able to have Whatsapp conversations whilst my phone was still on and had enough battery, as I'd had an existing Whatsapp Web session open on my work desktop.

    Again, the fact that this functionality exists means you have to trust Whatsapp that they haven't embedded something similar in the client that can be triggered silently. If the phone client (which has access to everything decrypted) can send the current state (all recent messages/etc) through Whatsapp's servers to another client then it could easily be triggered to do so remotely.

  • I’ve seen more friends join Telegram than Signal in the past week.

  • Telegram

    Shouldn't this be in the online shopping thread?

  • That's really interesting - thanks for typing that up.

    I assume when you send a group message you're actually sending a decryption key (encrypted for each participant) and the encrypted message? Otherwise sending images would get pretty unwieldy in large groups. I think that's how PGP encrypts messages for multiple recipients anyway.

    I like to think WhatsApp would be reluctant to put a back door in the app because they know that every version of the app that they publish will be downloaded, stored and dissected for eternity, and any back door will eventually be found.

    I'm sure they are capable of deploying backdoored versions to specific clients though.

  • I assume when you send a group message you're actually sending a decryption key (encrypted for each participant) and the encrypted message? Otherwise sending images would get pretty unwieldy in large groups. I think that's how PGP encrypts messages for multiple recipients anyway.

    For simple bits of text I would think individual messages are sent encrypted per person (but flagged as being part of a group obviously).

    But, yes, for images/movies I'd expect they encrypt it once with a unique symmetric key, the encrypted blob gets uploaded to WhatsApp servers (along with an encrypted preview/thumbnail), and then each person is sent a copy of the symmetric key over the usual encrypted comms plus the details of what to download if they want it.

    As for a backdoor, the trick is to reuse existing functionality, such as the resending of messages (with no notification on the client) like is used in the web client. Yes you have to trigger this with the QR code normally but there may be a way to silently do this remotely, and that's what they could use.

    Or they just have something like Apple's classic "goto fail;" bug that goes down as some kind of plausible deniability.

  • Not sure if we should have a separate privacy thread or just stick it all in here--it does seem to be the default one. I find this quite incredible, but mostly I just haven't been paying attention to mobile phone apps:


  • Excellent work. Hopefully this will lead to more fines and generally tightening of restrictions when it comes to monetising our data.

  • Been using NextDNS happily thanks for the recommendation. Works nicely. Only had issue with the Planetx website not working with my settings. Otherwise haven’t noticed it which is nice.

    How are these people making money? They are doing me a fantastic service and I haven’t given them any money.

    I’m reading a book about the CIA and its various front organisations at the moment and it occurred to me this is exactly the sort of thing a state actor could set up to gain access to information. Not that I’m suggesting NextDNS are sketchy, just that I didn’t know how they made their money. Is it donations or commercial work or a future plan to start charging once enough users are on board?

  • How are these people making money? They are doing me a fantastic service and I haven’t given them any money.

    DNS is cheap to operate and so the margins are good. Meaning as long as you can get some small % to pay, you can actually make a profit even whilst some large % aren't paying.

    I'm paying. But then... my house, phone and car are together doing more than 1.4M DNS requests per month.

    But that's only slightly profitable for them... it's the business plan that pays, that and their education plan.

  • I'm paying as well. My phone by itself uses up more than half of the free monthly tier.

    They also have corporate and educational plans which seem pretty cheap so I imagine could do well once they're a bit more established.

  • Also @sacredhart ... just cuz you don't pay doesn't mean you aren't useful. I'm not saying even selling data to other companies but in research the raw data is very useful.

    The data is mined as "free"/consumers tend to get compromised quicker than corporate. Again, it's all anonymous (at least where I work it is) but it's very very useful to spot botnets/new viruses/etc... etc...

  • The real bit is now more and more apps in iOS14 are taking advantage of Apple allowing them to use their OWN encrypted DNS. This bypasses everything which is a PITA (and to me a security risk).

    NextDNS/Cloudflare/OpenDNS all offer a .mobileconfig and Apple at least made it so that if that file exists the apps HAVE to use it, they can't override that.

  • Lastpass are changing the TOS of the free version, so that you can only use it on one type of device, ie computers or mobiles: https://blog.lastpass.com/2021/02/changes-to-lastpass-free/

    I don't object to paying for something that I use so much, but before committing thought I would ask about alternatives.

    The only criteria being that it can import my passwords from Lastpass.


  • Bitwarden has been a good Lastpass replacement for me

    Importing worked fine from what I remember.

  • Same here.

  • Also using BitWarden now.

  • Thanks all.

  • Anyone got a NextDNS affiliate link they want me to use? We keep smashing the 300k cap...

  • Does it have one? I can't see anything on my account.

  • I moved to Bitwarden from Lastpass a year or so ago, Lastpass was struggling to autofill things on my phone for some reason.

    It's generally fine. Imported my passwords OK from Lastpass and seems a slightly better interface for adding accounts on mobile.

    Would like it to have a password request for copying passwords or accessing your vault, even when you are logged in. Also in Lastpass I used to have some accounts where you had to re-enter your master password to fill them in which isn't possible on Bitwarden.

  • If you look under 'account' then you can find it.



Posted by Velocio (@Velocio)