Loading...

#WABackdoor

WhatsApp Backdoor / Vulnerability demonstration

98,958 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 13, 2017

In this video I am giving a short demo of the backdoor / vulnerability that is currently in WhatsApp and that Facebook refuses to fix. Specifically I will simulate the conversation of two imaginary users of WhatsApp: Edward and Laura. Edward's phone will send a message to Laura's phone after I have enabled all security features that WhatsApp can offer and after verifying the "security key". I will then intercept this message from a third phone, representing a malicious government.

In practice, the malicious party controlling the WhatsApp servers does not need to go through the account re-registration process (simulated by moving the SIM card around). It also does not need to wait till Laura's phone goes into Airplane mode.

The security flaw is that the sender's WhatsApp client will automatically re-encrypt messages with any key it is being given. Then it will just send those messages out into the wild.

Facebook's argument is that this behavior increases usability. lol. Having my apartment's door unlocked day and night would also be quite convenient for me. But not so secure, huh?

For more on this issue, see my blog at https://tobi.rocks/.

What do you think? Should WhatsApp or the government have access to your communication? What do we do after WhatsApp lied us in the face about the security of their "end-to-end encryption"?

#WABackdoor

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...