I wonder if this is similar to Snapchat. Snapchat uses AES-ECB encryption (which you should never use) with a single key that is not-so-carefully hidden in every binary file they've ever distributed to a mobile device. The kind folks at Gibsonsec revealed Snapchat's "security by obscurity" and documented the API so well that I was able to make a Java Snapchat client in a few hours.
I hope that's not the case for WhatsApp, they have a lot more to lose.
Is this just a key to encrypt chat logs local to the phone? I'm assuming they're not using this to encrypt messages in transit...
If it's just local storage, then obviously it'd be easy for anyone to figure out how the app reads the logs. 95% or more of chatting programs and apps do not even encrypt chat logs in the first place.
Somewhat ironically, Diaspora itself has had a staggering number of critical vulnerabilities found since its inception. Numerous persistent XSS flaws were found in the first release.
Is this new news? I thought there were already tools out there making use of this key (eg a proof of concept app to steal the whatsapp db on an android [1])
Sigh. You can't 'leak' a symmetric key. If the messages are encrypted on your phone then you already have the key. If they're not then it doesn't matter.
That it uses the 'same' symmetric key for all users is what has everyone concerned. Coupled with the fact that WhatsApp stores your chats on external SD cards [1] without access controls, any APP you have installed can access and decrypt your WhatsApp chat history using this key.
The security flaw here is that there aren't any access controls, not that they use the same symmetric key everywhere for local storage. Even if they store the logs in plaintext, other apps should not be able to read those logs.
"true", but maybe the key was obfuscated... Anyways, it seems that WhatsApp didn't encrypt messages until 2012, then they started using symmetric crypto http://pastebin.com/g9UPuviz
If confirmed, this is a huge blow. It's not just about regenerating the leaked key -- a design relying on a single master key for multiuser messaging is fundamentally broken. It will take months to rebuild it in a sane way.
Hmm, this guy has a lot of followers on Twitter, and this tweet is a couple days old. The lack of shitstorm, I presume, means this isn't all it's cracked up to be? What is it that is supposedly decryptable with this key? Without more info I'm kinda stumped as to what we're looking at.
Yeah, I was actually a bit surprised that this thread wasn't mostly people pointing out the irony of this particular person scoffing at someone's security flub.
This is the nature of shipping client code. Any key they used can be extracted by a sufficiently determined individual. The real security issue was not storing the database in the app's private directory.
That's really just security through obscurity. You're still shipping code that explains the process of obtaining the key. If they store their credentials to obtain the key in a public directory, it's just as vulnerable.
Wrong. If a phone can only retrieve the key for its own number (e.g. via SMS request), that's orders of magnitude better than the current case where one key can decrypt logs for any arbitrary number. Each SMS request could generate a new key, so even if another app on the same phone does it, it won't be able to get the key to read the logs.
This still relies on the legitimate app not storing the key they fetched in a public directory so the attacker can read it. You can keep adding layers upon this, but it doesn't change that.
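The trade-off argued over in the replies above (one hard-coded key shared by every install, in ECB mode, versus a fresh key generated per device with an authenticated mode) as an added Go example. This is not code from the thread or from WhatsApp; the shared key value, the function names and the sample chat log are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Assumed hard-coded key baked into every copy of the app: a constructed
// placeholder for this example, not any real application's key.
var sharedKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes, AES-256

// pkcs7Pad pads data to a whole number of AES blocks (ECB needs full blocks).
func pkcs7Pad(data []byte) []byte {
	n := aes.BlockSize - len(data)%aes.BlockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// EncryptSharedECB is the weak design under discussion: one key for every
// install, ECB mode. Each block is encrypted independently, so identical
// plaintext blocks give identical ciphertext blocks, and anything holding the
// shared key can decrypt any user's file.
func EncryptSharedECB(plaintext []byte) []byte {
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		panic(err) // key length is fixed above, so this cannot fail
	}
	padded := pkcs7Pad(plaintext)
	out := make([]byte, len(padded))
	for i := 0; i < len(padded); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], padded[i:i+aes.BlockSize])
	}
	return out
}

// RepeatedBlocks counts ciphertext blocks that duplicate an earlier block; a
// non-zero result means the ciphertext leaks plaintext structure (the ECB flaw).
func RepeatedBlocks(ciphertext []byte) int {
	seen := map[string]bool{}
	dup := 0
	for i := 0; i+aes.BlockSize <= len(ciphertext); i += aes.BlockSize {
		b := string(ciphertext[i : i+aes.BlockSize])
		if seen[b] {
			dup++
		}
		seen[b] = true
	}
	return dup
}

// NewDeviceKey makes a fresh random 256-bit key for one install. In a real app
// it belongs in app-private storage or the platform keystore, never on a
// shared SD card next to the database it protects.
func NewDeviceKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// gcmFor builds an AES-GCM instance for a device key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptGCM encrypts under a device key with a fresh random nonce prepended;
// Seal appends the authentication tag, so tampering is detected on decrypt.
func EncryptGCM(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptGCM reverses EncryptGCM. Under another install's key the tag check
// fails and an error comes back instead of garbage plaintext.
func DecryptGCM(key, ciphertext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():], nil)
}
```

Encrypting a log made of repeated lines with EncryptSharedECB and running RepeatedBlocks over the output shows the structure leak directly, and two installs encrypting the same log get byte-identical files. With NewDeviceKey plus EncryptGCM, a file written on one device cannot be opened under another device's key (DecryptGCM returns an error rather than plaintext), which is the property the per-number key proposal above is reaching for. The per-device key still has to live somewhere the other apps cannot read, as the reply above points out; the example only covers the cryptographic half of that.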
I'm not defending their approach, I think it's terrible, I'm just saying that the cost of symmetrically encrypting a file with a hard-coded key in Android is too low not to do it...but you should improve it ASAP...
Yes. That is, for example, how Firefox stores passwords (if you enable the master password option).
I imagine they haven't bothered to do this for usability reasons, since people would have to type in the password every time they start up the app. Adding it as an option certainly couldn't hurt, but even then I'm not sure there's a point. Most people leave their phones on most of the time, and WhatsApp is probably going to be running in memory that whole time, in which case someone who steals your phone will still probably be able to read all your chat logs anyway.