Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 13, 2017
In this video I am giving a short demo of the backdoor / vulnerability that is currently in WhatsApp and that Facebook refuses to fix. Specifically I will simulate the conversation of two imaginary users of WhatsApp: Edward and Laura. Edward's phone will send a message to Laura's phone after I have enabled all security features that WhatsApp can offer and after verifying the "security key". I will then intercept this message from a third phone, representing a malicious government.
In practice, the malicious party controlling the WhatsApp servers does not need to go through the account re-registration process (simulated by moving the SIM card around). It also does not need to wait till Laura's phone goes into Airplane mode.
The security flaw is that the sender's WhatsApp client will automatically re-encrypt messages with any key it is being given. Then it will just send those messages out into the wild.
Facebook's argument is that this behavior increases usability. lol. Having my apartment's door unlocked day and night would also be quite convenient for me. But not so secure, huh?