Is WhatsApp Hacked?

Forbes is reporting that the Israeli cyberweapons arms manufacturer Wintego has a man-in-the-middle exploit against WhatsApp.

It’s a weird story. I’m not sure how they do it, but something doesn’t sound right.

Another possibility is that CatchApp is malware thrust onto a device over Wi-Fi that specifically targets WhatsApp. But it’s almost certain the product cannot crack the latest standard of WhatsApp cryptography, said Matthew Green, a cryptography expert and assistant professor at the Johns Hopkins Information Security Institute. Green, who has been impressed by the quality of the Signal code, added: “They would have to defeat both the encryption to and from the server and the end-to-end Signal encryption. That does not seem feasible at all, even with a Wi-Fi access point.

“I would bet mundanely the password stuff is just plain phishing. You go to some site, it asks for your Google account, you type it in without looking closely at the address bar.

“But the WhatsApp stuff manifestly should not be vulnerable like that. Interesting.”

Neither WhatsApp nor the crypto whizz behind Signal, Moxie Marlinspike, were happy to comment unless more specific details were revealed about the tool’s capability. Either Wintego is embellishing what its real capability is, or it has a set of exploits that the rest of the world doesn’t yet know about.

Posted on October 4, 2016 at 1:47 PM • 31 Comments

Comments

Evan October 4, 2016 5:23 PM

What is the likelihood that the Israeli defense industry has an unpublished cryptanalysis of (e.g.) AES256 that is actually practical? I’m inclined to say “little to none”, but I don’t know enough about their projected capabilities to say.

z October 4, 2016 5:34 PM

@Evan

I seriously doubt that they have any sort of cryptanalytic attack on Rijndael. Side-channel attacks on the implementation? Maybe.

z October 4, 2016 5:35 PM

I meant to say “practical” attack on Rijndael above. I’m sure they do have impractical attacks.

Joe K October 4, 2016 8:36 PM

@Moderator

Does your censorship of @Grey’s link reflect a new policy of @Bruce?

Is there someplace we can read the specifics of that policy?

Joe K October 4, 2016 8:52 PM

@Moderator

My previous query was based on the assumption that @Grey posted a link to a copy of the article (hosted at some site that does not refuse to serve content to web agents that fail to run arbitrary javascript).

But, on a second reading, it seems equally possible that Grey’s comment itself contained the full text of the article in question.

If that second scenario is the case, please forgive my confusion.

LeeHamm October 4, 2016 8:57 PM

@Joe K
Maybe ‘Copyvio’ means copyright violation, in the scenario where the article was copied and pasted. Links make more sense for a new site!

Michael October 4, 2016 10:01 PM

From the article

… detailed contact lists, year-by-year calendars, files, photos, web browsing activity, and more.” It does that by acquiring login credentials for distinct accounts and then silently download “all the data stored therein” …

and

Where there are no credentials required – with chat apps like WhatsApp and, presumably, Facebook Messenger, Google, Allo, Telegram, etc. – the Extractor can pilfer secured data right from the apps.

This sounds to me much more like they have a WiFi Pineapple and some exploits for Android and iOS that allow them to get root access and siphon off credentials and stored messages rather than any earth-shattering AES-breaking attack.

For example, the libutils bug in Android could probably be triggered through DNS or some other service that runs in the background and can be easily MITMed, and I’m sure you could get similar bugs in iOS if you looked hard enough or had enough money.

Simon B. October 4, 2016 11:52 PM

I think the easiest way for the attacker would be to use a privilege escalation exploit to read WhatsApp’s memory or read messages from the data folder, I believe they are only protected from other apps, and not encrypted.

This seems to be usual, e.g. Telegram: https://blog.zimperium.com/telegram-hack/

Patrick October 5, 2016 1:03 AM

@Moderator: the link to Forbes yields only a blank page. Can you please edit the link to point to a page that shows the article?

Clive Robinson October 5, 2016 1:44 AM

@ Patrick,

… the link to Forbes yields only a blank page.

This has been a standard feature of Forbes for some time now. The last time I looked into it, it appeared to be what you would expect with a poorly implemented site starting to switch over to a different revenue model.

@ All,

Matthew Green, quoted above, is currently involved in a court case against the US DoJ over DMCA section 1201. He is being “supported” by the EFF and is petitioning the court on First Amendment grounds, and there have been some interesting wriggles at the end of last month. PDFs of which can be found from,

https://www.eff.org/cases/green-v-us-department-justice

Drone October 5, 2016 2:54 AM

I can read the original Forbes article in full with no pay-wall at the link provided in the top post. To do so, I only had to temporarily allow scripting for the “forbes.com” site, no others (and there are many others, all nested like an onion!). Ads were unblocked, but with only forbes.com scripts allowed there are no ads anyway. If you want the side panel and follow-on articles to show, simply allow scripting for the “forbesimg.com” URL as well (no others needed). I’m using Firefox 49.0 with the NoScript 2.9.0.14 plug-in in Linux Mint Cinnamon 17.3. I am located in S.E. Asia. Readers in other geo-locations may see different results. Enjoy…

Clive Robinson October 5, 2016 3:46 AM

In the article, Matthew Green, who has looked at the Signal code sufficiently to form an opinion, says,

    They would have to defeat both the encryption to and from the server and the end-to-end Signal encryption. That does not seem feasible at all, even with a Wi-Fi access point.

Whilst that is probably correct for attacking the algorithms, it might not be true for the practical implementation. That is, the implementation on a device may have various communications timing or power side channels that could be exploited.

Further, as others above allude to, it might involve some kind of malware injected into the device across the air that could get at device drivers etc. for the keyboard and screen. However, if that were the case you would expect the malware to be broader in scope and not just for WhatsApp.

Hence if I were placing the price of a pint on it I would be looking for some kind of side channel attack….

However it may be easier

Clive Robinson October 5, 2016 5:40 AM

@ Roger,

Is a P2P messaging app like Bleep by Bittorrent Inc. safer and more secure?

Long answer short “no”.

Look at it from an attack developer’s perspective: to pay for the R&D of a product they need it to be marketable in a relatively short window of opportunity.

Thus they will find and develop attacks for all popular platforms and those that are likely to become popular. They will then try to “guess the market” to sell at an optimum time.

This means that likewise the larger agencies will have also developed attacks, but as they don’t sell product they do not have optimum market considerations to take into account, just getting the job done.

Thus it would be wise to assume that all messaging systems be they instant, Email, VoIP or other are insecure, especially if they are popular or standardised through the more traditional standards organisations.

What you need is a two-part solution, a security device and a communications device. At its simplest the security device could be an old-fashioned One Time Pad, the communications device anything that is currently convenient. Whatever else you do, never ever use a single device, and never put sensitive plaintext on the communications device no matter how urgent etc.

Provided you follow the rules you need not worry about the security of the communications device. However, using as secure a communications device as you reasonably can has the advantage of making any attacker’s job that not-so-little bit harder to identify you as a person of interest.

Moderator October 5, 2016 7:54 AM

@Joe K, @LeeHamm, @All: Yes, full text of the Forbes article was deleted after posting due to violation of copyright. Per fair use, visitors may include brief, relevant excerpts from copyrighted material in their comments, but not full text. @Patrick: I’ve added a terminal forward slash to the link; if this doesn’t help, a script-blocker may be preventing the page from displaying.

Curious October 5, 2016 8:22 AM

Speaking of passwords, I get annoyed every time I see the login field for a forum where there is also a login feature for Facebook.

The weird thing, to me anyway, is that even though the login field on the top for Facebook is empty, there is a ticker that says “stay logged in” (for Facebook login) and that ticker is enabled by default. So, even if I just enter my credentials to log into the forum and not Facebook, because of the two login fields seemingly being linked as an interface, I sort of wonder if Facebook can “siphon” off forum passwords that way.

Curious October 5, 2016 8:26 AM

To add to what I wrote:
To correct myself. It doesn’t actually say “stay logged in”, but “remember me”.

Daniel October 5, 2016 8:48 AM

Brazilian Federal Police claim to have intercepted WhatsApp conversations, both of supposed-to-be terrorists and of judges who are accused of selling habeas corpus to drug dealers. All is well, but how was the feat done?
In this article, a Brazilian specialist in security claims that WhatsApp had provided the users with compromised keys. I do not know how this would be possible in an end-to-end encryption system.
“First detail is: WhatsApp can collaborate, because the app controls key distribution” (translation by yours truly).
Original:
g1.globo.com/tecnologia/blog/seguranca-digital/post/como-o-governo-teria-grampeado-terroristas-no-whatsapp.html (Portuguese)
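As an added illustration (not from the post, the linked article or any vendor) of the point raised above: whoever runs the key directory for an end-to-end encrypted app can hand each party a key of its own choosing, and the defence is comparing key fingerprints out of band. The finite-field Diffie-Hellman parameters, names and the `KeyServer` class are constructed for the example; real messengers use X25519 and a ratchet, but the trust question is the same.

```python
import hashlib
import secrets

# Toy DH parameters so this runs on the standard library alone.
# NOT secure; illustration only.
P = (1 << 127) - 1
G = 5


def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Session key derived from what the directory said the peer's key is."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).hexdigest()


def fingerprint(pub):
    """Short digest a user can compare in person (a 'safety number')."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


class KeyServer:
    """Hypothetical key directory. honest=False models a directory that
    answers every lookup with its own key so it can sit between the users."""
    def __init__(self, honest=True):
        self.honest, self.store = honest, {}
        self.mitm_priv, self.mitm_pub = keypair()

    def publish(self, name, pub):
        self.store[name] = pub

    def lookup(self, name):
        return self.store[name] if self.honest else self.mitm_pub


def session(honest):
    """Alice and Bob fetch each other's keys from the directory and derive
    session keys. Returns (alice_key, bob_key, directory_can_read, fp_match)."""
    server = KeyServer(honest)
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    server.publish("alice", a_pub)
    server.publish("bob", b_pub)
    a_key = shared_secret(a_priv, server.lookup("bob"))
    b_key = shared_secret(b_priv, server.lookup("alice"))
    # A dishonest directory holds the private half of the key it handed out,
    # so it can derive Alice's session key itself (likewise Bob's).
    directory_can_read = shared_secret(server.mitm_priv, a_pub) == a_key
    # Out-of-band check: compare the fingerprint Alice was given for Bob
    # against the fingerprint Bob reads off his own device.
    fp_match = fingerprint(server.lookup("bob")) == fingerprint(b_pub)
    return a_key, b_key, directory_can_read, fp_match
```

With an honest directory both keys agree and the fingerprints match; with a substituting directory Alice and Bob each share a key with the directory rather than with each other, and the fingerprint comparison is what exposes it.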

Clive Robinson October 5, 2016 9:12 AM

@ Here’s Johnny,

What about Bit Message is that any good?

I don’t know, because I trust none of them. Therefore I mitigate them by use of a secure device external to anything they might offer.

So I’ve no real need to check any of them from a “secure privacy” aspect.

That said, it’s not just the “secure privacy” you need to worry about, but also “secure routing”, and this is an aspect that is a much harder problem to deal with.

Rolf Weber October 5, 2016 9:14 AM

From the brochure:
“Using the WINT interface, the system operator activates CatchApp on the target’s device.”
“The CatchApp solution can be activated on virtually all mobile phones running Android 4.0 or later and iPhones running iOS 7.0 or later.”

I think that makes it clear that the Wifi MITM is used to install some implant on the target’s phone.

Without more technical specification, it is of course much speculation, but I think it’s quite realistic that the device works.

Here's Johnny October 5, 2016 10:45 AM

@Clive Robinson

Bit message is interesting because it encrypts metadata.

Messages get broadcast to everybody, which is both its biggest strength and weakness. (Only the intended recipient can decrypt the message.)

Like you said it is very hard to communicate securely without owning all the pieces but I think the network is a good idea.

mb October 6, 2016 8:47 PM

Am I missing something here?

The documents support shit. They are old.

The ‘most recent literature’ mentions iOS7 and Android 4 in the last paragraph of the first document and states that 95% of devices run on that.

iOS8 and Android 5 were released in 2014. So this document is most certainly predating WhatsApp encryption by quite a bit.

Moshe Reuven October 7, 2016 3:23 PM

I’m not so sure. There are people around, like the folks who hang out on YCombinator’s “hacker new” that like to blame Israel for everything. I don’t think this is true at all.

Raul October 9, 2016 9:30 AM

Wintego is offering just a wifi interceptor that does man-in-the-middle.
Nothing new.

Signal, WhatsApp, etc. are ALL fake. I also intercept their communication for the last 2 years and post results on forensicfocus.com

Useless security for kids 🙂
