±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36125
New Yesterday: 1 Visitors: 173

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Whatsapp backdoor

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2, 3  Next 
  

droopy
Senior Member
 

Whatsapp backdoor

Post Posted: Jan 14, 17 00:13

As i state in this forum 8 months ago, Whatsapp has a BACKDOOR
thehackernews.com/2017...kdoor.html

Not only this application but also Telegram , Signal and almost ALL "secure" chats.

I told this info 8 months ago (HERE IN THIS FORUM), and now is public.
Whatsapp Source Code (by reversing it) could be offered Smile

Droopy  
 
  

jaclaz
Senior Member
 

Re: Whatsapp backdoor

Post Posted: Jan 14, 17 01:36

- droopy
As i state in this forum 8 months ago, Whatsapp has a BACKDOOR
thehackernews.com/2017...kdoor.html

Not only this application but also Telegram , Signal and almost ALL "secure" chats.

I told this info 8 months ago (HERE IN THIS FORUM), and now is public.
Whatsapp Source Code (by reversing it) could be offered Smile

Droopy


Actually the article says that it is specific to Whatsapp implementation (and not to Signal), and points to the finding by Tobias Boelter which is dated April 16, 2016 :
tobi.rocks/2016/04/wha...erability/

thehackernews seemingly found it only today, (after The Guardian "discovered" it).

And this is anyway a completely different one from the one(s) that you claimed in May 2016:
www.forensicfocus.com/...c/t=14178/

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

droopy
Senior Member
 

Re: Whatsapp backdoor

Post Posted: Jan 14, 17 06:02

This is an old bug, i discover another on December 2015, and sell the exploit to a goverment that uses to monitor whatsapp.

By auditing the code you could find many others.

Signal implement a FAKE zrtp, no key continuity, which means: I could create a new key on each call and make a MITM. Thats how i intercept signal messages now for a goverment.

Telegram is hacked by Russia FSB, google it for 1 year aprox. It is public, just use Google Search Engine  
 
  

randomaccess
Senior Member
 

Re: Whatsapp backdoor

Post Posted: Jan 14, 17 08:02

- droopy

I told this info 8 months ago (HERE IN THIS FORUM), and now is public.
Whatsapp Source Code (by reversing it) could be offered Smile


Did you notify whatsapp/facebook?  
 
  

droopy
Senior Member
 

Re: Whatsapp backdoor

Post Posted: Jan 14, 17 19:29

No, i discover bugs and exploits for goverment only.
Even some bugs are put ON PURPOSE on the code for the backdoor, even if you inform them, they will not solve it.

Like Silent Circle backdoor product that adds on purpose a buffer overflow code on the source code "just in case" you need to monitor someone Smile

Many of these exploits are ON PURPOSE added on code.  
 
  

jaclaz
Senior Member
 

Re: Whatsapp backdoor

Post Posted: Jan 14, 17 19:55

It is very possible that both whatsapp and signal (and everything else) have backdoors and can be intercepted/whatever.

It is also possible that you actually know about these vulnerabilities.

What is a little more difficult to believe is that you are the only one that knows about them, that governments buy software from you and that you are here spreading the "news" about the insecurity of those programs.

I mean, you have this wonderful piece of software that can intercept messages on a platform, you make money out of it, your clients are governments (that usually have a fancy for keeping these kinds of things secret) and you go around telling everyone (besides how smart you are) that people should NOT use that platform because it is insecure? Shocked

It sounds like you are undermining your own market. Confused

And now - just for the record - the Whisper Systems' take on the matter:
whispersystems.org/blo...-backdoor/

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

Chris_Ed
Senior Member
 

Re: Whatsapp backdoor

Post Posted: Jan 16, 17 14:51

- jaclaz

And now - just for the record - the Whisper Systems' take on the matter:
whispersystems.org/blo...-backdoor/

jaclaz


To summarize this; moxie states that every time a key is changed then the user on the other side is informed. They considered whether to just inform the user or stop all messages, but decided that as WhatsApp is a gigantic entity just to inform the user is enough. This is an optional feature but it exists non-the-less. It is not a "back door".

Furthermore, historic messages cannot be decrypted in this way. If A is talking to B and dude C intercepts the chat, C cannot decrypt historic messages from A without asking them to be specifically re-sent.

-----------------

Anyone can see a reported vulnerability and say "see guys? I WAS RIGHT" but it proves nothing. Furthermore, Whisper Systems make their encryption protocol available to everyone, so it's not like it's a gigantic secret how these things are implemented.  
 

Page 1 of 3
Page 1, 2, 3  Next