A serious vulnerability in WhatsApp allows anyone who is able to eavesdrop on a WhatsApp connection to decrypt users' messages.
WhatsApp, the mobile instant messaging application, has become one of the main communication tools of the present day, and its popularity makes it attractive to security researchers and hackers.
This time the debate concerns the protection of the messages exchanged through the application: thanks to a vulnerability in the crypto implementation, they can be intercepted by an attacker.
Thijs Alkemade is a computer science student at Utrecht University in The Netherlands who works on the open source Adium instant messaging project. During his research activity he disclosed a serious issue in the encryption used to secure WhatsApp messages.
In the post titled "Piercing Through WhatsApp’s Encryption", Alkemade remarked that WhatsApp has been plagued by numerous security issues recently: easily stolen passwords, unencrypted messages and even a website that can change anyone’s status.
"You should assume that anyone who is able to eavesdrop on your
WhatsApp connection is capable of decrypting your messages, given enough
effort. You should consider all your previous WhatsApp conversations
compromised. There is nothing a WhatsApp user can do about this but
expect to stop using it until the developers can update it." states the researcher.
An attacker sniffing a WhatsApp conversation is able to recover most of the plaintext bytes sent. WhatsApp uses the RC4 stream cipher to generate a stream of bytes, which is XORed with the plaintext to encrypt it.
The mistakes are:
- The same encryption key in both directions
- The same HMAC key in both directions
Below is the trick used by the researcher to reveal the messages sent with WhatsApp by exploiting the first issue:
WhatsApp adopts the same key for the incoming and the outgoing RC4 stream, "we know that ciphertext byte i on the incoming stream xored with ciphertext byte i on the outgoing stream will be equal to xoring plaintext byte i on the incoming stream with plaintext byte i of the outgoing stream. By xoring this with either of the plaintext bytes, we can uncover the other byte."
The technique doesn't directly reveal all bytes, but it works in many cases. Another element that gives the attacker an advantage is that messages follow the same structure and are easy to predict starting from the portion of plaintext that is disclosed.
The second issue, related to the HMAC, is more difficult to exploit. Alkemade said WhatsApp also uses the same HMAC key in both directions, another implementation error that puts messages at risk.
The MAC is used to detect data alteration, but it is not enough to detect all forms of tampering: the attacker could potentially manipulate any message.
"TLS counters this by including a sequence number in the plaintext of
every message and by using a different key for the HMAC for messages
from the server to the client and for messages from the client to the
server. WhatsApp does not use such a sequence counter and it reuses the key used for RC4 for the HMAC."
Alkemade is very critical of the development team of the popular platform:
“There are many pitfalls when developing a streaming encryption
protocol. Considering they don’t know how to use a xor correctly, maybe
the WhatsApp developers should stop trying to do this themselves and
accept the solution that has been reviewed, updated and fixed for more
than 15 years, like TLS,” he said.
I agree with the thinking of the researcher: security for applications such as WhatsApp is crucial given its level of penetration, and it is true that the interest of the scientific community and cybercrime will surely lead them to discover new vulnerabilities, to which WhatsApp will have to provide a quick solution.
Alkemade confirmed that there is no remediation for the flaw at this moment, which is why he suggests to stop using WhatsApp until the developers produce a patch.
Beware ... This is a very serious risk to your privacy!