Is WhatsApp's e2e really secure from Facebook?
-
Reading this article this morning on my commute in to the office: https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html
It got me thinking again about how WhatsApp's purported end-to-end encryption actually works and whether it is truly safe.
Actual encryption aside (I'll make the naive assumption that that works), I am able to back up my messages to Google Drive and restore it onto a new phone. I'd think they would be backing up the encrypted data, and not plaintext messages, and so if they're doing that, then they must also be backing up the encryption key as well (or a seed that can be used to regenerate a key).
Therefore wouldn't the simple fact that the key is backed up mean the key is essentially compromised?
Since you authorize WhatsApp to save and pull data from your Google Drive, it means WhatsApp servers (via the local app) have access to those files too. Therefore it stands to reason that if they wanted, your messages could still be decrypted.
Am I tinfoil hatting here or is WhatsApp's e2e just hogwash? If I switch to a new phone my Telegram messages aren't retrieved...
-
@julianlam said in Is WhatsApp's e2e really secure from Facebook?:
Am I tinfoil hatting here or is WhatsApp's e2e just hogwash? If I switch to a new phone my Telegram messages aren't retrieved...
Talking from security in general: if you have to ask because there's no expert opinion, it's likely not secure. You don't know the things which WhatsApp are tracking. Even if they can't read your messages they still host the data, so your username and IP address is still in their logs so an adversary knows you sent messages.
Is anything known about how they secure the whole thing, what algorithms or practices are present?
-
@JBert WhatsApp security white paper (PDF warning)
Their FAQ is geared mostly towards the layman and doesn't say much about the technical practices, but the white paper is likely more exhaustive (but I'd wager it'd also be deliberately vague in certain places).
My whole beef is that even if the encryption is robust, the very fact that the key is backed up means it is compromised, all in the name of convenience
Edit: As I guessed, the white paper makes no mention of this fact that the messages can be restored.
-
From WhatsApp's own FAQ.
Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive.
-
I'd hazard the encryption is only in transit, not at rest, so google backup gets decrypted data.
-
Short answer: it's compromised, merely because they control the app and can put in whatever backdoors, mitm, etc. they want (or are required to by law).
-
The biggest practical problem with encryption has always been knowing what keys really belong to the person you want to talk to, and not someone pretending to be them. It's why we need CAs and all that.
Whereas in WhatsApp, I assume it's entirely up to their servers to assign you a key and tell everyone it's your key. So they could easily give others a different key, read your incoming messages and re-encrypt them and send them to you. Although that could be detected by someone dedicated enough.
-
I'd imagine the phone generates its own key, sends the public key to the server, and the server verifies that it belongs to the phone via SMS code.
-
Searches his history; I know I've seen a computerphilie on this
Apparently it's called the signal protocol
Signal Protocol - Wikipedia