25

Since Whatsapp started end-to-end encryption with an option for users to verify keys, many government security agencies, like the Indian one, red-flagged such use of encryption.

Now, yesterday the Parliament was informed by Communications and IT Minister Ravi Shankar Prasad that Security/law enforcement agencies face difficulty while dealing with encrypted communications by various application service providers including end-to-end encrypted communication messages provided by Whatsapp. However, security agencies are able to intercept these encrypted communication services through the lawful interception facilities provided by the telecom service providers.

Is this technologically possible considering it's 256-bit? Can government agencies intercept end-to-end encrypted Whatsapp communication services through the lawful interception facilities provided by the telecom service providers?

Fiksdal
CrownedEagle

6 Answers

31

It's very unlikely that any government agency would crack the encryption. They would need the key. And the only way they could get that is if Whatsapp had a backdoor or weakness in their software which allowed for such a key to be extracted.

There is, as of today, no direct evidence that such a backdoor exists in Whatsapp. But, since Whatsapp is closed source, it also becomes difficult to make sure such a backdoor does not exist.

However, in terms of information security, what we are interested in is a risk assessment. Considering OP, government agencies are the parties we are being asked about. We should therefore assess that risk. Here is some relevant information regarding that:

Whatsapp's parent company, Facebook, has been shown to give the NSA direct, unilateral access to their servers through something called the PRISM Program. While Facebook denies this, it has been proven by leaked documents. This does not, however, mean that the NSA can decrypt Whatsapp messages. I include this information in the risk assessment as an example of Whatsapp's owner's relationship to the NSA and privacy transparency in general.

In 2013, information was released regarding: (Source)

• NSA and GCHQ unlock encryption used to protect emails, banking and medical records

• $250m-a-year US program works covertly with tech companies to insert weaknesses into products

We can absolutely not prove that this large, covert program has in fact worked with Facebook to put such a "weakness" into Whatsapp. However, this information is nevertheless relevant to our risk assessment. If such a weakness was actually implemented, it could compromise the encryption key.

Though not absolutely identical, considerably similar things have indeed happened before. Here is one example regarding Skype, Microsoft and the NSA.

Conclusion: It is, at present, difficult to conclude one way or the other. Whatsapp's parent company (as well as other companies) have demonstrated in the past that they are willing to give the NSA unilateral access to user data. They have also shown a willingness to lie about it. Given this, it seems difficult to take companies under the control of Facebook at their word regarding this particular subject.

When we evaluate the degree of risk in regards to malware, a virus, being hacked, data loss, data theft, surveillance, etc, it is not only relevant if something is proven. It is also relevant if something is possible or even likely. While, in this particular case, there may not be sufficient grounds to say that the NSA gaining access to Whatsapp encryption keys is likely, it is definitely possible, given the history of these entities.

This is something people can take into consideration when evaluating such a situation.

Related reading:

New Snowden Documents Detail How NSA Can Bypass Common Internet Encryption (International Business Times)

Microsoft handed the NSA access to encrypted messages (The Guardian)

Revealed: how US and UK spy agencies defeat internet privacy and security (The Guardian)

PRISM (surveillance program) (Wikipedia)

Fiksdal
7

You have asked one question, but I think that you are asking two:

  • can Whatsapp encrypted communications be captured, and
  • can Whatsapp encrypted communications be captured in "the clear"

To your first question, all communications can be captured by legal authorities. It's actually not that difficult, and there are multiple examples of this happening.

To your second, we can only use the stated facts in evidence, and speculate on the rest. Whatsapp states that they do not have access to the encryption keys, which would mean that they would not be able to hand those keys over to authorities. If true, then the answer to your second question is "no".

We can speculate on the vulnerabilities on the key management process, or the truthfulness of Whatsapp's statements, but until we have evidence one way or another, we can assume that the statements are technically true.

schroeder
  • 1
    Linked by Rоry McCune in chat: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf – Jacco Apr 30 '16 at 20:50
  • 2
    By the way, can governments see *who* communicated with *who* on Whatsapp, even if they can't decrypt the actual messages? – Fiksdal May 03 '16 at 07:00
  • 1
    Absolutely. If I understand correctly the server is used to route messages and the metadata of who is contacting whom would probably be easy to obtain. – Ben May 03 '16 at 15:23
  • Don't forget about the option to disable encryption for a specific account, instead of cracking encryption. – Niels Groeneveld Aug 17 '18 at 21:12
5

In short:

  • Intercept encrypted communication: yes (attacker gains some metadata)
  • Decrypt content of intercepted encrypted communication: no (presumably)
  • Intercept not-yet-encrypted or already-decrypted communication at either end: yes (attacker would have to alter the client, but government agencies can force WhatsApp/Facebook or Google or Apple to push malicious app versions to their targets or their peers)
StefanB
2

IMHO, if it passes through Whatsapp servers, it is not what I would call end to end encryption - unless the message is just for Whatsapp company.

So there are different underlying question here:

  • is the protocol used to send the data to Whatsapp secure - even if I cannot confirm it because Whatsapp is closed source : I think yes and data cannot be intercepted without Whatsapp agreement
  • can you trust Whatsapp to not deliver data to governmental agencies : you are on your own, but I think they allow US agencies because of the Patriot Act, do not know for others
  • is true end to end encryption secure: YES, but that supposes that you send an opaque encrypted file through [choose your media, Whatsapp or ...] and that data is only decoded by its final recipient
Serge Ballesta
0

They can intercept it but they cannot decrypt it.

Well... So we like to think... there were slides leaked by Snowden that showcased NSA capability for partial decryption of OTR chats over Google Talk.

user4294507
0

WhatsApp uses the X3DH encrypted session setup algorithm for messaging your offline contacts as a part of their implementation of Signal Encryption (the same protocol suite is used by Signal, Facebook Messenger and Google Messages, and a clone implementation is used by Viber, Wire and some others). According to this article on Medium, these are the specifics of the X3DH configuration used by WhatsApp that should have you worried.

https://medium.com/@panghalamit/whatsapp-s-end-to-end-encryption-how-does-it-work-80020977caa0

  • The system uses one time keypairs that are bulk prepublished to a WhatsApp server by the recipient and used by the sender during the X3DH encrypted session setup.
  • It doesn't appear that those one time keypairs are digitally signed using the recipient's long term private key
  • The materials used to calculate the encryption key used for encryption of the message (sender's long term public key, sender's one-time public key, recipient's signed long term public key and recipient's one time public key) are transmitted in plain text along with the encrypted message.

There are two broken things here:

  1. The sender has to trust the WhatsApp server. If the WhatsApp server is gamed, for example by the NSA, then the one time public key published to the server by the recipient might not be authentic.
  2. The sender has no means to authenticate that the one time public key is authentic, because it does not appear to be signed.

For the process to be robust, there needs to be a secret in the X3DH exchange. In this case the secret would be the prepublished one time public key. However, as that key is not signed and is used asynchronously, it is possible for it to be forged by an adversary.

I am just going off the content of the blog post and some other research including the specs and the code of some X3DH and Axolotl implementations out there, further research would be needed to see if the prepublished onetime keys are digitally signed or not, and I've not done that research, but from the specs, they do not appear to be. In the Axolotl implementation guide, digital signing of prepublished one time keys is optional, as is encrypting the message header.

I believe that a similar key exchange protocol is also used for video chat and telephone calls.

Note that jumping to Signal will not necessarily leave you any more protected from eavesdropping, since WhatsApp and FB Messenger sublicense the encryption stack (which is called TextSecure v3 / Signal) from Signal.

  • The one time pre-keys don't seem to be signed, but the master secret doesn't depend on just the one time prekeys. So at most, this affects the ephemeral properties of the encryption, but doesn't allow whatsapp to completely break the e2e encryption because signed prekeys are also involved. – nobody Feb 07 '21 at 20:19
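
The derivation the last answer and its comment are arguing about, as an added example that is not part of the original thread or of any WhatsApp/Signal code. It follows the published X3DH formula SK = KDF(DH1 ‖ DH2 ‖ DH3 ‖ DH4) and compares an honest run with one where the server hands out a one-time prekey of its own. Assumptions: a toy modular Diffie-Hellman group stands in for X25519, the signature on the signed prekey is taken as already verified, and all function names and the HKDF info string are hypothetical.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group standing in for X25519 (assumption for this
# example; for illustration only, not a secure parameter choice).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv, pub):
    return pow(pub, priv, P).to_bytes(32, "big")

def kdf(dhs):
    # HKDF-SHA256 in the shape X3DH specifies: 32 0xFF bytes prepended to the
    # concatenated DH outputs, all-zero salt, one 32-byte output block.
    ikm = b"\xff" * 32 + b"".join(dhs)
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, b"x3dh-example" + b"\x01", hashlib.sha256).digest()

def sender_dhs(ik_a, ek_a, ik_b_pub, spk_b_pub, opk_b_pub):
    # DH1..DH4 as computed by the sender from the fetched prekey bundle.
    return [dh(ik_a, spk_b_pub), dh(ek_a, ik_b_pub),
            dh(ek_a, spk_b_pub), dh(ek_a, opk_b_pub)]

def recipient_dhs(ik_b, spk_b, opk_b, ik_a_pub, ek_a_pub):
    # The same four values computed with the recipient's private keys.
    return [dh(spk_b, ik_a_pub), dh(ik_b, ek_a_pub),
            dh(spk_b, ek_a_pub), dh(opk_b, ek_a_pub)]

def run(substitute_opk):
    ik_a, ek_a, ik_b, spk_b, opk_b, srv = (keypair() for _ in range(6))
    served_opk = srv if substitute_opk else opk_b  # key the server hands out
    a = sender_dhs(ik_a[0], ek_a[0], ik_b[1], spk_b[1], served_opk[1])
    b = recipient_dhs(ik_b[0], spk_b[0], opk_b[0], ik_a[1], ek_a[1])
    server_dh4 = dh(srv[0], ek_a[1])  # the only DH the server can compute
    return {"agree": kdf(a) == kdf(b),            # do both ends share SK?
            "server_knows_dh4": server_dh4 == a[3],
            "dh1_3_match": a[:3] == b[:3]}        # inputs the server lacks

if __name__ == "__main__":
    print("honest:", run(False))
    print("substituted one-time prekey:", run(True))
```

With a substituted one-time prekey the server learns DH4 only; DH1 to DH3 still require a private identity, ephemeral or signed-prekey key, and the recipient derives a different SK, so the session fails to establish instead of decrypting silently.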