Dan Jones
@danwilshirejones.bsky.social
Ooh -- also: The "More is Less" paper (eprint.iacr.org/2017/713 ) pointed out this group membership issue with WhatsApp in 2017 -- almost 8 years ago!
More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
Secure instant messaging is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordo...
eprint.iacr.org
May 8, 2025 at 10:05 PM
Ooh -- also: The "More is Less" paper (eprint.iacr.org/2017/713 ) pointed out this group membership issue with WhatsApp in 2017 -- almost 8 years ago!
... who have to constantly monitor the UI for changes to the member list. And it is a burden that is unnecessary: Signal deploys cryptographic control of group membership at scale, for example. Thanks @dangoodin.bsky.social for your coverage of our work in this piece: arstechnica.com/security/202...
WhatsApp provides no cryptographic management for group messages
The weakness creates the possibility of an insider or hacker adding rogue members.
arstechnica.com
May 8, 2025 at 9:59 PM
... who have to constantly monitor the UI for changes to the member list. And it is a burden that is unnecessary: Signal deploys cryptographic control of group membership at scale, for example. Thanks @dangoodin.bsky.social for your coverage of our work in this piece: arstechnica.com/security/202...
Our reverse-engineering work also confirms what many in the cryptographic community already knew: a malicious server, either Meta or someone who broke into their infrastructure, can add and remove group members at will. This places an unnecessary burden on users...
May 8, 2025 at 9:59 PM
Our reverse-engineering work also confirms what many in the cryptographic community already knew: a malicious server, either Meta or someone who broke into their infrastructure, can add and remove group members at will. This places an unnecessary burden on users...
Not all is lost, though! In our analysis, we show that WhatsApp's device revocation functionality presents a nice alternative, enabling users to effectively recover from compromise of a secondary device (like their laptop) as long as their primary device remains uncompromised.
May 8, 2025 at 9:59 PM
Not all is lost, though! In our analysis, we show that WhatsApp's device revocation functionality presents a nice alternative, enabling users to effectively recover from compromise of a secondary device (like their laptop) as long as their primary device remains uncompromised.
We found the same issue during our previous analysis of Matrix. Upon reading the WhatsApp whitepaper, we were hopeful that they did not use session management for the channels that distribute group keys. Unfortunately, this turned out to be a gap in documentation rather than a keen protocol choice.
May 8, 2025 at 9:59 PM
We found the same issue during our previous analysis of Matrix. Upon reading the WhatsApp whitepaper, we were hopeful that they did not use session management for the channels that distribute group keys. Unfortunately, this turned out to be a gap in documentation rather than a keen protocol choice.
This completely undermines the healing of individual two-party channels after compromise (see prior work dl.acm.org/doi/abs/10.1...) . Since WhatsApp (and Signal) use these channels to distribute keys for group messaging, this has a similar (if not worse) impact on the security of group chats.
May 8, 2025 at 9:59 PM
This completely undermines the healing of individual two-party channels after compromise (see prior work dl.acm.org/doi/abs/10.1...) . Since WhatsApp (and Signal) use these channels to distribute keys for group messaging, this has a similar (if not worse) impact on the security of group chats.
The whitepaper is missing documentation of a few key features, features whose presence (or lack thereof) alter WhatsApp's security guarantees considerably. WhatsApp allows for multiple active Signal channels between devices (like many implementations of the Signal protocol).
www.whatsapp.com
May 8, 2025 at 9:59 PM
The whitepaper is missing documentation of a few key features, features whose presence (or lack thereof) alter WhatsApp's security guarantees considerably. WhatsApp allows for multiple active Signal channels between devices (like many implementations of the Signal protocol).
To start, it seems that WhatsApp is honestly aiming to provide end-to-end encryption to their users; we saw no signs of funny business. And, for the most part, they achieve this goal. There are some caveats, however.
May 8, 2025 at 9:59 PM
To start, it seems that WhatsApp is honestly aiming to provide end-to-end encryption to their users; we saw no signs of funny business. And, for the most part, they achieve this goal. There are some caveats, however.