A Dutch computer science student has said that all users of WhatsApp, a popular messaging alternative to SMS, should consider their chats compromised after he found flaws in the encryption used in the app.
“You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised,” Thijs Alkemade, a computer science and mathematics student at Utrecht University in the Netherlands, wrote in a blog post.
“There is nothing a WhatsApp user can do about this except to stop using it until the developers can update it.”
In another blog post, he says that the Android and Nokia S40 versions were vulnerable, adding that other versions likely carry the same flaws.
Alkemade says that WhatsApp uses the same RC4 key to encrypt messages in both directions, meaning that an attacker with access to multiple messages from the victim could easily decipher the plaintext.
“As WhatsApp uses the same key for the incoming and the outgoing RC4 stream, we know that ciphertext byte i on the incoming stream xored with ciphertext byte i on the outgoing stream will be equal to xoring plaintext byte i on the incoming stream with plaintext byte i of the outgoing stream. By xoring this with either of the plaintext bytes, we can uncover the other byte,” he wrote in his blog post, revealing his findings.
While he stresses that this won’t reveal all the bytes, he claims that the messages are easy to work out because of their common structure.
“Even if a byte is not known fully, sometimes it can be known that it must be alphanumeric or an integer in a specific range, which can give some information about the other byte,” he writes.
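The keystream cancellation Alkemade describes, shown as an added example that is not taken from his blog post or from WhatsApp's code. The RC4 routine is the standard algorithm; the keys, messages and the `other_side` helper are constructed for illustration, and the per-direction keys in the second case are an assumed correction.

```python
# Added illustration: keys and messages below are constructed sample values.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # output generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` with RC4 under `key`."""
    return xor(data, rc4_keystream(key, len(data)))

OUTGOING = b"<message to='bob'>see you at noon</message>"       # constructed
INCOMING = b"<message to='alice'>bring the report</message>"    # constructed

def other_side(key_in: bytes, key_out: bytes, known_out: bytes) -> bytes:
    """What an eavesdropper derives for the incoming stream from the two
    ciphertext streams plus known (or guessed) outgoing plaintext."""
    ct_in, ct_out = rc4(key_in, INCOMING), rc4(key_out, OUTGOING)
    # With one shared key the keystream cancels: ct_in ^ ct_out == p_in ^ p_out
    return xor(xor(ct_in, ct_out), known_out)

if __name__ == "__main__":
    shared = b"constructed-session-key"
    # Weak: same key both ways, so known outgoing bytes expose incoming bytes.
    print(other_side(shared, shared, OUTGOING))
    # Corrected (assumed fix): independent key per direction; the XOR is noise.
    print(other_side(b"constructed-key-in", b"constructed-key-out", OUTGOING))
```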
He also found flaws in how WhatsApp authenticates messages: it did not have a TLS sequence counter to prevent tampering, and it was reusing the RC4 key for the hash-based authentication codes.
We’ve asked WhatsApp for a comment.
In other news, WhatsApp also experienced another attack on its website, this time by a pro-Palestinian group known as KDMS, which redirected the company's domain to another IP address. The company says that no user data was lost or compromised.
via SC Magazine