WhatsApp's 8-Month-Old Flaw Allows Interception Of Encrypted Messages

Status
Not open for further replies.

rantoc

Distinguished
Dec 17, 2009
1,859
0
19,780
0
They knew about it and didn't care because it allowed them and their best buddies in the 3 letter agencies to snoop on the messages.

I believe this snoop on everything attitude will be the death of US tech companies once the general public in large enough numbers starts to see how rotten their true privacy side is.
 

hotroderx

Distinguished
May 15, 2008
343
0
18,810
5
I agree something like this should be released to the public so they can decided if they want to use or not use this program, but to be honest with you if they don't want to encrypt it ok!

People need to start taking a realistic view of things. One the government most likely could careless. There only some many resources at any governments disposal. Just because they can or could do something doesn't mean they well. This narcissistic view by people about everything is getting as bad as the PC.

Most people most likely use a chat like this to send nudes of them selfs are talk about dirty things to each other. Both I highly doubt is a priority for the government! They might also use it to talk about there date or what they had for dinner are there ear infection! Once more no one cares other then the other person on the end of the chat... they most likely dont care either! There just saying they do as not to be rude

Most corporations and just people in general dealing with serious information are most likely going to use there own secure systems. There sure not going to rely on a app created or owned by facebook for such communications.

That said cause i know already getting voted down but what ever I really don't care. Instead of focusing on privacy for what I would call simply stupid things! I want privacy for important things like wireless encryption inside homes and business and laws on how information obtained could be used.

I want strengthen encryption and privacy where it counts! IOT devices! and hardware. Routers, tvs, computers, etc. These are devices that should be truly secure not from someone collecting data about XYZ to show you do YZX on your computer. Real security that stops a hacker from gaining access to your pc or device to install some type program to cause it to become corrupt are be used to attack another system.
 

Olle P

Distinguished
Apr 7, 2010
669
50
19,090
24
This isn't much of an vulnerability. Signal is using asymmetric encryption, and it's a new public key that is being sent to the sender of the message.
Just as with any other type of encrypted traffic the sender needs to trust that the key belongs to the intended receiver of the message and not to some middle agent. This can be verified in many ways using other means of communication.

The "vulnerability" here is that the exchange of keys by default is done without notification, but since notifications can be activated a middle-man can't know whether or not the attempted intercept will be noticed before the message is being sent.
 

Andrei M

Commendable
Jan 16, 2017
1
0
1,510
0
It's really annoying to see to see such poor reporting on Tomshardware. It's not a backdoor, it's not a vulnerability, it's by design and it's carefully engineered with the user's privacy in mind. Saying "Boelter said this vulnerability could allow entire conversations to be intercepted" without explaining how that claim is false ("entire conversations" CANNOT be intercepted) really hints at the author not understanding what he's talking about and not having the curiosity to research it at all.
Here's Moxie's (the creator of the Signal protocol) explanation clarifying everything: https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

It's not the first time I notice shallow reporting by this particular author (although in this case it's not just shallow, it's utterly misleading and mostly false). Please, take a bit more care.
 

dE_logics

Reputable
Oct 16, 2015
73
0
4,630
0
Too bad the general public didn't know about 'closed source protocol' and it's implications before adopting the app.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS