
WhatsApp messages may be available to outsiders: a serious vulnerability allows access to your correspondence

• Facebook states that no one, not even the company itself, can access WhatsApp messages.

• However, a security loophole allows Facebook to read customer conversations.

• This becomes possible because the generation of new WhatsApp encryption keys can be forced for offline users.

• The vulnerability was reported to Facebook last April.

With end-to-end encryption, WhatsApp is considered one of the most secure messaging services.

With end-to-end encryption, the intercepted message cannot be read.

However, a security flaw in the app allows unauthorized parties, and Facebook itself, to intercept and read encrypted WhatsApp messages.



GOT IN SAFETY

The vulnerability was discovered by a researcher at the University of California at Berkeley.

Facebook, which bought WhatsApp two years ago, says no one can intercept WhatsApp messages, including the company itself and its staff.

However, according to reports, the encryption method used allows the company to read messages.

Activists called it a serious threat to free speech.

The security flaw was discovered by Tobias Boelter, a cryptography and security researcher at the University of California at Berkeley.

He told The Guardian: "If a government organization asks WhatsApp to open access to the records of messages, this will be easy to do because of the possibility of changing keys."

With end-to-end encryption, messages are visible only to the sender and the person who was supposed to receive them.

For the operation of the system, “locks” are used, which protect the correspondence between the interlocutors and in the group chat.

For the lock there is a special “key” that is accessible only to the sender and recipients.

The company claims that this technology allows you to protect personal data from cybercriminals, hackers, dictatorships, and even WhatsApp representatives.

However, WhatsApp can generate new encryption keys for offline users.

The system can also force re-encryption of undelivered messages, creating new keys, and re-send them without notifying the user.
Re-encryption and sending allows WhatsApp to intercept and read user messages.
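
A toy model of the behaviour described above, added here as an illustration and not taken from WhatsApp's code or from the original article. Keys are plain labels with no real cryptography, and `SenderClient`, `block_on_key_change` and the key names are hypothetical; it contrasts silently re-encrypting undelivered messages for a new key with holding them and alerting the sender until the new key is verified.

```python
# Toy model (constructed): keys are opaque labels, no real cryptography.
from dataclasses import dataclass, field

@dataclass
class Envelope:
    plaintext: str
    encrypted_to: str        # label of the recipient key the message is sealed for
    delivered: bool = False

@dataclass
class SenderClient:
    block_on_key_change: bool   # hypothetical client policy flag
    known_key: str              # recipient key the sender last saw
    outbox: list = field(default_factory=list)
    alerts: list = field(default_factory=list)

    def send(self, text):
        self.outbox.append(Envelope(text, self.known_key))

    def on_key_change(self, new_key, user_verified=False):
        """Server announces a new recipient key while messages are undelivered."""
        pending = [e for e in self.outbox if not e.delivered]
        if self.block_on_key_change and not user_verified:
            # Hold the queue and tell the user; nothing is re-encrypted yet.
            self.alerts.append(f"key changed to {new_key}: verify before resending")
            return []
        self.known_key = new_key
        for e in pending:
            e.encrypted_to = new_key   # now readable by whoever holds new_key
        return pending

def readable_by(client, key):
    """Plaintexts that the holder of `key` could decrypt."""
    return [e.plaintext for e in client.outbox if e.encrypted_to == key]

def demo():
    results = {}
    for name, policy in (("silent_resend", False), ("block_and_notify", True)):
        c = SenderClient(block_on_key_change=policy, known_key="recipient-key-1")
        c.send("meet at 10")                  # recipient offline: stays pending
        c.on_key_change("unverified-key-2")   # key the sender never verified
        results[name] = (readable_by(c, "unverified-key-2"), len(c.alerts))
    return results

if __name__ == "__main__":
    for name, (exposed, alerts) in demo().items():
        print(name, "exposed:", exposed, "alerts:", alerts)
```
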

According to The Guardian, Mr. Boelter reported the vulnerability to Facebook in April 2016, but he was told that the company was aware of the problem, called it “expected behavior,” and did not plan to fix it in the near future.


Varonis vice president of strategy and market expansion, David Gibson, states: “We laugh when high-level officials, such as President-elect Trump, declare that we should transfer confidential information using paper and pen, but in an era of daily data leaks, consumers need to accept the fact that their communication will remain personal for long.”

According to him, “even in applications such as WhatsApp, the developers of which claim that no one can follow the correspondence of their users,” vulnerabilities may arise as a result of accidental or intentional creation of loopholes.

“Consumers and companies such as Facebook need to be constantly vigilant to protect the interests of customers,” he added.

ACCESS TO WHATSAPP DATA

WhatsApp has also drawn attention for providing data to its parent company, Facebook.

This was a subtle but significant change for the messenger, which had long promised to protect the confidentiality of its more than one billion users worldwide.

Last September, the WhatsApp app started linking accounts with Facebook, passing the mobile phone numbers of users.

In addition, the companies share device information with each other, such as the type of operating system and the characteristics of the smartphone.

Facebook uses phone numbers for internal purposes, identifying WhatsApp users on Facebook.

This way, the company can recommend friends or show targeted ads.
For advertising, Facebook uses the program "Customized audience."

Patrick Arben, a partner at the law firm Gowling WLG, states: “In order for actions to be legitimate, they must be carried out within the framework of the law on the powers of the authorities conducting a criminal investigation, which entered into force last November.

To some extent, it simplifies the work of the investigative and surveillance services, whose powers and rights were previously distributed among many legislative acts.
Offensive provisions that require information technology companies to create loopholes in their systems are excluded from the law. These provisions are called spyware.

The law was improved to increase protection against abuse of authority by services that intercept information and spy.

Interception of information is carried out under enhanced judicial supervision. However, these measures do not go as far as proposed by an independent expert in the field of legislation aimed at combating terrorism.”

Dr. Jamie Graves, CEO of ZoneFox, added: “It has to be admitted that in the digital age we cannot declare anything secure.

Even about the security of the application of the company WhatsApp, which has taken serious steps to promote the idea of protecting its product from any threats of penetration.

While the focus of the breach will be on personal consequences for billions of WhatsApp users, company representatives should also be extremely concerned. In today's world, the discussion of many work-related issues, often confidential and passing at the highest level, occurs in this application.

Apparently, the mass of information was available to anyone who knew how to get it. Now one can only guess whether unauthorized access was made and how much confidential information could fall into the wrong hands.

In addition, the emergence of WhatsApp for PC, which is rapidly gaining popularity, means that millions of employees used this software on work devices, potentially opening up access to confidential information and company servers.

This vulnerability should be a powerful signal for company representatives to exercise vigilance and carefully monitor the security threats that are hidden in the least obvious aspects of a company’s operations.”

Source: https://habr.com/ru/post/324930/

