"This means the privacy of your end-to-end encrypted group chat is only guaranteed if you actually trust the WhatsApp server."
"This undermines the entire purpose of end-to-end encryption."
"And yet, the entire point of end-to-end encryption is to remove the server from the trusted computing base."
"The challenge here is that since WhatsApp itself determines who the administrators are, this isn't quite so simple."
Not only does this system require trusting a third party, that party is none other than Facebook. Its business is built on learning about the lives of users and selling ads, not serving as a naive broker of "secure messages".
"Do we trust the WhatsApp server?" -- could also be formulated as: "Do we trust the WhatsApp client?". It is obviously made by the same people. Both are closed source and the protocol is reverse engineered. What's the point if they conducted an audit but do not communicate the results? It's probably not too surprising if reverse engineering points out vulnerabilities. It's a fenced ecosystem which claims to establish secure communication but does not.
I wrote a brain dump about my thoughts on that here: https://www.cryptologie.net/article/437/on-real-world-crypto...
tl;dr is "I'd say the problem is in the reaction, not in the published analysis."
Seems like this could be fixed fairly easily with a set of gatekeeper options. When a group gets created, you could have the option of making the group Public (anyone can join), Invite-Only (anyone can join with an invitation from someone already in the group), or Vetted (requires an invitation to join and the person who made the group must approve each person who tries to join).
That way, you account for varying levels of paranoia.
This is the kind of security problem Signal has nowadays? Kudos to moxie.
It seems like all Signal has to do is to take the step of validating that the member sending the "group management" message is already in the group first.
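The membership check suggested in the comment above, as an added example that is not code from Signal or WhatsApp: a client-side handler that refuses a group-management message unless its claimed sender is already a member and the message carries that sender's valid authentication tag, shown beside the unchecked variant that applies whatever the server relays. The member names, keys and HMAC tagging are constructed stand-ins for real identity keys and signatures.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# Constructed per-member keys: hypothetical stand-ins for each member's identity key.
MEMBER_KEYS = {"alice": b"alice-key", "bob": b"bob-key", "mallory": b"mallory-key"}


@dataclass
class GroupUpdate:
    group_id: str
    sender: str       # member who claims to have issued the update
    action: str       # "add" or "remove"
    subject: str      # member being added or removed
    tag: bytes = b""  # sender's authentication tag over the fields above

    def payload(self) -> bytes:
        return f"{self.group_id}|{self.sender}|{self.action}|{self.subject}".encode()


def sign_update(update: GroupUpdate) -> GroupUpdate:
    """A member authenticates an update with their own key before sending it."""
    update.tag = hmac.new(MEMBER_KEYS[update.sender], update.payload(), hashlib.sha256).digest()
    return update


@dataclass
class GroupState:
    group_id: str
    members: set = field(default_factory=set)


def apply_update_unchecked(state: GroupState, update: GroupUpdate) -> bool:
    """Vulnerable: applies whatever the server relays, so the server can add anyone."""
    (state.members.add if update.action == "add" else state.members.discard)(update.subject)
    return True


def apply_update_checked(state: GroupState, update: GroupUpdate) -> bool:
    """Hardened: the update must come from a current member and carry that member's valid tag."""
    if update.group_id != state.group_id or update.sender not in state.members:
        return False  # sender is not in this group, or the update was replayed from another group
    key = MEMBER_KEYS.get(update.sender)
    if key is None:
        return False
    expected = hmac.new(key, update.payload(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, update.tag):
        return False  # tag does not verify: the server (or anyone else) forged the update
    (state.members.add if update.action == "add" else state.members.discard)(update.subject)
    return True
```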
There was some discussion here: item?id=16114809
I have been the subject of a probing attack on Signal. The attacker put a collection of messages into a group chat and saw which ones made it in. Randomly, I am in a group Signal chat with 8-9 other people in my area code.
The attack is real but I’m not impressed by the way they paper over the notifications you’d get that they consider ‘easy to miss’. The messages you get when someone gets a new phone/key are even easier to miss and they’re off by default.
The point is that the server doesn’t know if they’re off and if you’re paying attention, so if it’s cheating it runs the chance of being detected.
Does anyone know what the disclosure story is here?
Have WhatsApp and Signal had a chance to respond?
I don’t see why you’d use WhatsApp when Signal is such a better alternative. Everyone I’ve gotten to switch has loved it.
So they didn't bother to check if the add to group message was from someone in the group?
I mean no offense to the developers, but this seems like a fairly basic oversight, and it is quite concerning that respected and popular products didn't get this level of review until now.
No crazy cryptographic mess involving improper ordering of authentication or weird random number generation; this is a simple logic bug. One that I'm sure many of us would have considered if we were implementing it. Things like this do get missed too, of course, but enough eyes on the design could have caught this.