WhatsApp backdoor allows snooping on encrypted messages | Technology | The Guardian
▻https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
Not even surprising.
In any case, people would rather have the state be able to read their data than Mark Zuckerberg. Too bad, WhatsApp allows rather the opposite.
“WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.”
But above all:
“[the researcher] reported the vulnerability to Facebook in April 2016, but was told that Facebook was aware of the issue, that it was “expected behaviour” and wasn’t being actively worked on.”
The denial from Moxie Marlinspike on behalf of his company Open Whisper Systems, which worked on the WhatsApp software.
I don’t really know what to think of it...
There is no WhatsApp ’backdoor’
moxie0 on 13 Jan 2017
▻https://whispersystems.org/blog/there-is-no-whatsapp-backdoor
The WhatsApp clients have been carefully designed so that they will not re-encrypt messages that have already been delivered. Once the sending client displays a “double check mark,” it can no longer be asked to re-send that message. This prevents anyone who compromises the server from being able to selectively target previously delivered messages for re-encryption.
The fact that WhatsApp handles key changes is not a “backdoor,” it is how cryptography works. Any attempt to intercept messages in transmit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system.
The only question it might be reasonable to ask is whether these safety number change notifications should be “blocking” or “non-blocking.” In other words, when a contact’s key changes, should WhatsApp require the user to manually verify the new key before continuing, or should WhatsApp display an advisory notification and continue without blocking the user.
Given the size and scope of WhatsApp’s user base, we feel that their choice to display a non-blocking notification is appropriate. It provides transparent and cryptographically guaranteed confidence in the privacy of a user’s communication, along with a simple user experience. The choice to make these notifications “blocking” would in some ways make things worse. That would leak information to the server about who has enabled safety number change notifications and who hasn’t, effectively telling the server who it could MITM transparently and who it couldn’t; something that WhatsApp considered very carefully.
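The “blocking” versus “non-blocking” choice discussed above, modelled as a sender-side state machine. This is an added example, not code from WhatsApp, Signal or the quoted post; the class and field names and the KEY-A/KEY-B fingerprints are hypothetical, and no real cryptography is performed.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Message:
    text: str
    encrypted_to: str        # fingerprint of the recipient key the ciphertext targets
    delivered: bool = False  # True once the sender sees the "double check mark"


@dataclass
class SenderClient:
    trusted_key: str             # recipient fingerprint currently accepted
    blocking: bool               # True: wait for the user to verify a new key
    show_warnings: bool = False  # opt-in key-change notification setting
    unverified_key: Optional[str] = None
    outbox: List[Message] = field(default_factory=list)
    notices: List[str] = field(default_factory=list)

    def send(self, text: str) -> Message:
        msg = Message(text, self.trusted_key)
        self.outbox.append(msg)
        return msg

    def on_key_change(self, new_key: str) -> List[Message]:
        """Server reports a new recipient key; return messages re-sent as a result."""
        if self.blocking:
            self.unverified_key = new_key
            self.notices.append(f"key changed to {new_key}: verify before sending")
            return []
        resent = self._reencrypt_pending(new_key)
        if self.show_warnings:  # shown only after the re-send has happened
            self.notices.append(f"key changed to {new_key}")
        return resent

    def user_verified(self) -> List[Message]:
        """Blocking mode only: the user compared safety numbers out of band."""
        if self.unverified_key is None:
            return []
        new_key, self.unverified_key = self.unverified_key, None
        return self._reencrypt_pending(new_key)

    def _reencrypt_pending(self, new_key: str) -> List[Message]:
        self.trusted_key = new_key
        pending = [m for m in self.outbox if not m.delivered]
        for m in pending:  # delivered messages are never re-encrypted
            m.encrypted_to = new_key
        return pending


def scenario(blocking: bool, show_warnings: bool):
    """Constructed sample run: one delivered message, one still pending."""
    client = SenderClient("KEY-A", blocking, show_warnings)
    first = client.send("delivered earlier")
    first.delivered = True
    second = client.send("recipient offline")
    resent = client.on_key_change("KEY-B")
    return client, first, second, resent
```

In the non-blocking run the pending message is re-encrypted to the new key before any notice appears; in the blocking run nothing moves until `user_verified()` is called.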
And a reply to the replies:
WhatsApp vulnerability explained : by the man who discovered it - Tobias Boelter ▻https://www.theguardian.com/technology/2017/jan/16/whatsapp-vulnerability-facebook?CMP=share_btn_tw
He notably points out an obvious fact that seems to “escape” the Electronic Frontier Foundation: since WhatsApp is not free software and the WhatsApp network is not accessible to third-party client software, it is not possible to verify WhatsApp’s actual behaviour. In short, it is not possible to assert that WhatsApp is secure.
“I no longer believe that it is possible to build a competitive federated messenger at all” - Moxie’s conclusion makes me sad: his lack of utopia is disappointing.... But it is a lucid analysis of the contemporary landscape, though one may take into account his service provider bias considering his interest in Open Whisper Systems. The notification panel as federation locus - yuck... But it is the current reality and it works.
►https://whispersystems.org/blog/the-ecosystem-is-moving #Moxie_Marlinspike #Open_Whisper_Sytems #Signal #messageing #messagerie #xmpp
A very interesting paper (I said “interesting”, I didn’t say I agree!) on open networks where independent nodes with independently developed programs interoperate thanks to standards. The author claims closed and centralized systems are better, because they allow faster evolution (he uses security and privacy as an example).
►https://whispersystems.org/blog/the-ecosystem-is-moving
#Internet #privacy #federated_systems #centralized #decentralized
Like any federated protocol, extensions don’t mean much unless everyone applies them, and that’s an almost impossible task in a truly federated landscape. What we have instead is a complicated morass of XEPs that aren’t consistently applied anywhere. The implications of that are severe, because someone’s choice to use an XMPP client or server that doesn’t support video or some other arbitrary feature doesn’t only effect them, it effects everyone who tries to communicate with them. It creates a climate of uncertainty, never knowing whether things will work or not. In the consumer space, fractured client support is often worse than no client support at all, because consistency is incredibly important for creating a compelling user experience.
#XMPP
“I no longer believe that it is possible to build a competitive federated messenger at all” - Moxie’s conclusion makes me sad: his lack of utopia is disappointing.... But it is a lucid analysis of the contemporary landscape, though one may take into account his service provider bias considering his interest in Open Whisper Systems. The notification panel as federation locus - yuck... But it is the current reality and it works.
See also my conversation with Dean Bubley: ►https://twitter.com/liotier/status/727848142994018304
Troll put aside (« it’s undeniable that XMPP still largely resembles a synchronous protocol with limited support for rich media, which can’t realistically be deployed on mobile devices. If XMPP is so extensible, why haven’t those extensions quickly brought it up to speed with the modern world? » is pure ignorance or, worse, deliberate misleading), this is not a technical problem, but a pretty old political one.
It’s not new that some people think or declare that a monarchy or dictatorship (with an « enlightened leader ») is more efficient than a system involving cooperation and discussion. History has proven it wrong many times.
I really don’t understand why free software (talking about free software, not open source) community is even paying attention and sometimes giving credit to this kind of text, this is in total opposition of what free software are made for.
@Goffi : I’m paying attention because acquisition of users is critical where network-effect is the main usage driver. Centralization has a huge advantage in contact discovery - currently big enough to make decentralized systems seem incapable in comparison. Everything else is moot if a new user can’t instantly fill his contacts list. Decentralized will still work best for closed groups or in privacy-critical environments, but the mass market is now centralized - I have recently decided that this battle is lost... But I’m still wondering about the holy grail of privacy-preserving contact discovery in decentralized systems - maybe some cryptographic wizardry will make that possible one day and change the whole game. Until then I’ll go where my girlfriends are.
PS: I still run an ejabberd but the number of people I reach through it can now be counted on the fingers of one hand - on a good day. The girlfriends used to be there... That era is gone.
Also, this made me think about a short discussion I had with Dean Bubley a couple of weeks ago : ►https://twitter.com/liotier/status/727848142994018304 - he argues that the comparative benefit of freedom of service provider choice inherent to decentralized networks is made irrelevant when users can setup and populate a new centralized network in 30 seconds. Still proprietary, still a trust SPOF - but those are minor factors in mass market user choice.
A reply to Marlinspike, specially about #XMPP (poke @goffi) ▻https://medium.com/@dwdbah/federation-privacy-and-user-experience-c158547f07f5
@liotier : centralisation allows contact discovery *in the network*, you won’t find my contact on Twitter for instance because I’m not there. In addition, the biggest network to date in terms of users (before FB) is a decentralised one: email.
Anyway the network effect is a bad usage driver, I wish that this notion doesn’t exist anymore in the future. Network effect exists because people are not able to talk to each other between networks. If interoperability exists, you can have a network with 10 or even 1 person, if you can talk to all the others there is no more notion of network effect. Again email is a good example, I’m the only one on my server and I’m not isolated because of network effect.
@stephane : thanks for the ping, I’ve already seen this text on XSF muc room. I’m really not fond of the certification thing by the way.
Network effect exists because people are not able to talk to each other between networks. If interoperability exists, you can have a network with 10 or even 1 person, if you can talk to all the others there is no more notion of network effect.
Other example of this kind: the phone networks. There is a large number of companies, that manage different networks, but all interoperate. And in many countries, there are also regulatory norms that mandate “portability” to allow users to switch from one network to another without cost.
Maybe part of the solution is regulatory, not technological.
> Maybe part of the solution is regulatory, not technological
Hampering interoperability might be interpreted as abuse of dominance as defined by Article 102 of the Treaty on the Functioning of the European Union (▻http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:12008E102)... But you’ll have a hard time building a convincing case when the “product market” (as defined by same article) arguably encompasses all equivalent services between which users switch easily (see Signal’s signup spike when Whatsapp became temporarily banned in Brazil). POTS was heavily regulated because no such market diversity existed, so the dominance and abuse thereof were obvious.
Email is driven by standards-based interoperability because it grew up at a time where no one was seeing value in owning users... That era is past, even though we enjoy its legacy.
Service/standard adoption are investment driven:
– Investment in development
– Investment in usage (yes, for a user, setting up a system and learning its use is an investment)
Now, think about why the developer (in the business sense, not the technical one) and the user would invest ?
For the user, it is all about innovation: given acceptable levels of service, the user will switch to where the exciting new functionality is (see Simon Wardley’s works for this line of argumentation). Decentralized loses because innovation requires consensus - working with standards body is a long tedious slog... So time to market will be unacceptable or at least it will be too late for any competitive advantage. So it follows that businesses will only standardize if they have no choice but delivering an interoperable solution because they don’t have a strong market position - otherwise, fuck standards: either the customers will eat whatever the dominant provider feeds them or the provider better deliver exciting functionality before anyone else if they want to keep growing.
Even merely opening an API to third-party clients is a threat to that model: it freezes the service in its current form, thus slowing functional change... Businesses don’t want that - except when the customers put interoperability before other functionality, which seldom happens.
As for some hope for the free world ? As I said - and as David Cridland explains, it lies in a revolution in contact discovery. Who knows if a cryptographic protocol could let users expose chosen bits to chosen interlocutors in a distributed way (did anyone say “blockchain” ?)... I have no idea and it is a hard problem - seen Moxie’s take on this (notably the mention of encrypted bloom filters): ►https://whispersystems.org/blog/contact-discovery - posted by @stephane a couple of years ago. David Cridland offers the less utopian idea of a centralized directory for the open world... It could surely work and it might even be sufficiently cheap to be fundable - but what a SPOF in every dimension !
The difficulty of private contact discovery
►https://whispersystems.org/blog/contact-discovery #social_networking #privacy #cryptography
Just Signal
▻https://www.whispersystems.org/blog/just-signal
Today we’ve started rolling out Signal for Android, which unites simple private messaging and simple private calling into a single app on Android. This is the culmination of our effort to combine TextSecure and RedPhone into one app, which we began on iPhone and are now bringing to completion on Android.
TextSecure (open source end-to-end encrypted instant messaging application) and Signal (the same for voice) become Signal.
The only WhatsApp & co-like alternative today: stable, open source and encrypted via OTR. The one you can suggest to your friends without blushing too much.
#Chiffrement #Cryptographie #Messagerie_instantanée #OTR #Off-the-Record_Messaging #Open_Whisper_Systems #Open_source #RedPhone #Révélations_d'Edward_Snowden #TextSecure
“App maker Open Whisper Systems took an important step in this direction today with the release of a major new version of its Signal encrypted calling app for iPhones and iPads. The new version, Signal 2.0, folds in support for encrypted text messages using a protocol called TextSecure, meaning users can communicate using voice and text while remaining confident nothing can be intercepted in transit over the internet.”
▻https://firstlook.org/theintercept/2015/03/02/signal-iphones-encrypted-messaging-app-now-supports-text
Basically, it is #TextSecure for Apple toys like the iPhone.
#cryptographie #vie_privée (poke @MmeMichu)
Cool, good news! However, I can’t get confirmation, but it seems to me that Signal has no SMS function. It is over the internet only. That is not a problem in itself, but it breaks compatibility with TextSecure if TextSecure is not used with Google Play Service. And since TextSecure automatically falls back to SMS when there is no internet access or when GCM is unavailable, this may end up making a bit of a mess. I don’t know how all that is handled. Anyway, never mind, Signal is excellent news and stands as a real alternative to WhatsApp.
And I think I read somewhere that eventually OpenWhisper System will offer Signal on Android too (thus merging TextSecure and RedPhone into a single application with the same name as on iOS).
Next step: breaking free of Google’s and Apple’s push solutions. And finally, setting up an F-Droid “repository”.
You can also read ▻http://seenthis.net/messages/345498 where Frederic Jacobs of OpenWhisper System explains his view of things:
“Asking users to choose between the effort of security and ease of use is not a choice. The security world needs beautiful, usable applications. Yet encryption in itself is neither a future nor a feature.”
Jacobs wants to develop a prototype showing that this ideal is nevertheless possible. That tools can be designed with the user in mind while offering them maximum security.
Ah, there we go: to avoid the compatibility problem with TextSecure, just remove support for encrypted SMS/MMS from TextSecure:
Saying goodbye to encrypted SMS/MMS
▻https://whispersystems.org/blog/goodbye-encrypted-sms
With some other good arguments all the same. In particular I note:
SMS and MMS are a security disaster. They leak all possible metadata 100% of the time to thousands of cellular carriers worldwide. It’s common to think of SMS/MMS as being “offline” or “peer to peer,” but the truth is that SMS/MMS messages are still processed by servers–the servers are just controlled by the telcos. We don’t want the state-run telcos in Saudi, Iran, Bahrain, Belarus, China, Egypt, Cuba, USA, etc… to have direct access to the metadata of TextSecure users in those countries or anywhere else.
As well as:
It’s common for people in the US and Europe to assume that SMS is the accessible option for people in the global south, but the truth is just the opposite. It’s primarily just the US and parts of Europe that have affordable/unlimited SMS plans. For the most part, the global south is hungry for overlay services that they can use instead of SMS, precisely because SMS is so expensive in those places. Just look at the places where market penetration of overlay services like Viber, Line, and WhatsApp have been the highest. The phrase “WhatsApp number” has even replaced the phrase “phone number” in many parts of south america.
And finally:
[I]n conjunction with removing support for encrypted SMS/MMS, we’ll simultaneously move to a model of handling message delivery ourselves – relying on GCM only for a wakeup event.
To keep encrypting your SMS/MMS (and only those), #SMSSecure takes over:
▻http://seenthis.net/messages/370160
Open Whisper Systems partners with WhatsApp to provide end-to-end encryption
▻https://whispersystems.org/blog/whatsapp
OWS worked with the well-known mobile messaging application WhatsApp to use their TextSecure protocol in it.
Why is this good news? Because WhatsApp already has millions of users who, as a result, see the protection of their privacy take a leap forward.
But at the same time, WhatsApp remains a proprietary app, and even though OWS helped them implement their protocol and validates them, there is no way to know whether they will add something rotten to it.
Like many people, I am now the happy user of #TextSecure, which has completely replaced the default #SMS application on my smartphone.
@sabineblanc I love this question :o)
Yes, it handles smileys. In fact, it even has a much larger smiley library than the tool shipped with Android.
If it recognizes smileys, then it is Kevin-compatible.
Note that TextSecure’s technology is transparently integrated into the latest builds of CyanogenMod, an alternative Android ROM. CyanogenMod thus runs its own server, connected to OpenWhisper’s.
▻https://whispersystems.org/blog/cyanogen-integration
I’m a bit of a Mme Michu here. There is still a central server in all this, no?
@supergeante If PUSH mode is used, the provider’s server (OpenWhisper, by default). In SMS mode, the phone operator’s. TextSecure has never claimed to be peer-to-peer or distributed.
I am in turn a rather satisfied TextSecure user for the past few days. One remark, however, that does not appear in @stephane’s paper: PUSH messages (via the Internet) rely on OpenWhisper’s servers, but their transport to and from the phone depends on Google’s servers and its GCM (Google Cloud Messaging). Even though I do not know how detailed the metadata accessible to Google through this method is (the message itself of course remaining encrypted), I think it is worth keeping in mind.
But what is actually more annoying is that to benefit from GCM (and therefore from TextSecure’s PUSH method), you have to install Google Play Services, the non-open-source Google core of Android (i.e. a snitch). If you have got rid of it as I have, you can still use only TextSecure’s encrypted SMS function (which is what makes it an interesting tool). OpenWhisper is however working on integrating its own autonomous, end-to-end PUSH solution:
▻https://github.com/WhisperSystems/TextSecure/issues/1000
On the difficulty of PUSH on smartphones:
▻http://seenthis.net/messages/255834
A very good technical paper on the difficulty of having “social” functions (such as discovering potential contacts) in a secure and privacy-friendly way.
The New TextSecure: Privacy Beyond SMS
▻https://whispersystems.org/blog/the-new-textsecure
Major update to TextSecure that buries Telegram. I have updated my article ▻http://aldarone.fr/un-peu-dintimite-dans-votre-telephone/