Your WhatsApp conversations may not be as safe as you think

By Adam Zeis on 9 Oct 2013 04:32 pm

A post popped up yesterday from Thijs Alkemade, a computer science and mathematics student at Utrecht University in The Netherlands. The post outlines a bit of the core encryption methods of WhatsApp, highlighting a few of the technical aspects of the service and also noting some big vulnerabilities. 

If you can follow along with the original post, you can see that Thijs runs through two "mistakes" in WhatsApp's methods, both of which can be exploited by someone with the know-how. Ultimately he determines that your WhatsApp messages can be decrypted given enough effort by a would-be snoop.

You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this except to stop using it until the developers can update it.

Of course this is something that could be (and will need to be) fixed by WhatsApp to patch things up, so they could very well be corrected soon. He also notes that the problems could be avoided if WhatsApp were to use something like TLS (Transport Layer Security), which is exactly what BBM uses for their services.

From Andrew Bocking, Head of BBM for BlackBerry:

I can’t really speak to all of the technical aspects of the WhatsApp system. However people can rest assured that BBM remains a trusted private social network. Where other services may be vulnerable to unwanted snooping or eavesdropping, BBM increasingly uses standard TLS deployment to remove that vulnerability from our service. TLS is a well-known, well-studied protocol. To put it in everyday context, this is the same technology used for internet banking.

Hearing things like this can't make cross-platform BBM get here soon enough. We know the demand is crazy high but we just need it to be released. Sadly we're over three weeks in since it was supposed to launch originally, and while it's still on the way, we have no idea when we'll actually see it. Thankfully when it does show up you can rest assured it will be a solid, private messaging service that won't have such issues or vulnerabilities. Something to keep in mind, in light of recent attacks on WhatsApp.

134 comments

Genghis2k3

I guess that's the kind of info needed to be spread, before the release of cross platform BBM.

tw1g_007

Assuming BlackBerry gets off their asses and release the damn thing to the public asap.

via CB10 (BB Z10 : BLK : OS 10.1) [ Channel @ C0012477B for BB News, MMA & Tech Updates ]

thedustytaco

Who cares. They shud bring pokemon x and y to blackberry 10.

.

Jk.

Ronic

Lmao what the actual #$@?/!!!

Posted via CB10

BerryWizard

Agreed. I am tired of friends asking questions about it.

Posted via CB10

MC_A_DOT

Yer I don't see a point in this article when none of the other platforms bloody have BBM for fook sake. They're taking too long...

FrankDLR1972

What's so difficult anyway? There are a million cross platform IM clients out there.

 BBM Channel: TheGroupRide C00055B7C

bintheredundat

Boom!
Here's to getting cross platform bbm in 2015! Cant wait.

Last official bbm twitter update : Sept 30th. Good times.

Posted via CB10 on my Z10 Oreo

Kingdmen

Lol. But it just wouldn't be the same if BlackBerry was on time with things now would it

Posted via CB10

mauro316

Coming soon, and keep moving...

Posted via BlackBerry Z10

FrankDLR1972

Coming Soon™ Presented by BlackBerry ®.

 BBM Channel: TheGroupRide C00055B7C

Ronic

BlackBerry should start branding longlasting condoms. You'll never come again.

Posted via CB10

MC_A_DOT

LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOL haha +2013

kthhrrsn

LOL!!

Keith H. Posted using CB10.

triplekia

I'm calling it, BBM cross platform would be released at November, as soon as BlackBerry sale is finalised.

Posted via CB10

svelt

I never trusted Whatsapp with anything confidential (never sent any credit card info or other sensitive details). Always told my contacts I will email them and suggested they do the same. BBM on the other hand I have felt very secure in relaying all kinds of information.

canbbguy

You trust email with confidential things? Do you understand how email works, and how its even less secure?

rustlecrowe

Well, is that really a surprise?

bbschorsch

I always said that and that's why I left whatsapp when I upgraded my 9900 to BlackBerry 10

But it seems people don't care about privacy any more.

Given this as a fact it would be interesting how you can sue someone for stealing your data.
At least here in Germany this would be interesting because if you leave your car open for example and it gets stolen you are in serious trouble because you invited him to steal it....

Posted via CB10

Anonymous2039

Wow. Really? Sounds pretty stupid. So you get in trouble because somebody stole your car--what is the world coming to?

Posted via CB10

93Aero

In the States you can actually be written a citation for having your car stolen.
ONLY, if the keys were in the ignition. It was $75 fine years ago so I'm sure it's gone up by now.
Some study showed how auto thefts went up each winter because people would come out in the morning and warm their cars and go back inside and leave the vehicle running.

BerryWizard

It's against the road security code to leave a vehicle unaccompanied with unlocked doors in Canada. Most people here don't know it until they see the ticket on their windshield. The problem is that if a 10 yo gets in your car and takes out the brake, the car moves and hurts someone. Or you left your keys in, the kid takes the car and kills himself + possibly others.

Posted via CB10

Thachoc1

That's funny but very deserved. Lock your damn doors, too easy!!! LMAO!!! All throughout life HUMANS are taught to protect themselves, it won't sink in until its too late.

mr_zed10

I like the way he compares the tech behind BBM as being the same layer used in Internet banking.

Nice :)

Posted via CB10

sjmartin007

Technically it is. Online banking and FTP programs use this type of security.

Posted from the most powerful smartphone,z10

SlcCorrado

This is still news to some??? Just Google "Whatsapp security" and read till your eyes bleed. No one should consider Whatsapp to be secure

Duffman19

Yes it would be terrific if I could have encrypted communication like BBM with iPhone android users but alas it hasn't launched yet. #botch

Posted via CB10

xcler82xs

On the topic of BBM...where is it???

Posted via CB10

hajmuntz

I had forgotten 'bout cross platform BBM. Assumed it was like BB10 on the playbook...

Posted via CB10

VR6

I never thought they were safe. Assumed they were public domain.

Fired from my Z10

Tumacana

Did Anyone think that WhatsApp was Safe?????? No even fair to compare it to BBM. BBM is comparable to iMessage...that's about it.

wilsonryanp

iMessage is somewhat comparable to BBM... fixed it for you! ;)

erott

Regardless, whats app is winning and is used multi platform. They got their s@?!$ together years ago.

Posted via CB10

kupfernigk

Unfortunately the general public is pretty clueless. If something is cheap and easy to use, forget the downsides.

Posted via CB10

Ben1232

"Yeah but it has 800 emoticons" Haha !

Posted via my CB Q10

Anonymous2039

How many different emotions does a person need to express?
:)
;)
:(
That's all a person needs--not even.

Posted via CB10

3_M4N

:s

"The Best Device is Debatable - The Best Security is Not"

shredney

(o)(o)

Posted via CB10

kthhrrsn

+1000

Keith H. Posted using CB10.

kthhrrsn

+1

Keith H. Posted using CB10.

raino

=3...oh what, not that kind of a party?

papped

Won't really matter since BBM completely botched their release several times over already and still isn't out...

bintheredundat

Exactly!! Cross platform security with reference to bbm is a non argument because cross platform bbm doesn't exist.
We're comparing a functional product to a non functional product.

Posted via CB10 on my Z10 Oreo

zkyevolved#AC

I couldn't agree more. When BBM gets released for my Android device then we'll talk. I hate WhatsApp for other reasons than security, even though it's a big part. Privacy is the biggest issue for me. All that last seen garbage is a pain in my butt. I hate it. I use LINE but I can't wait til BBM gets released for the Android os.

jic999

Whats App is a toy platform......plain and simple !

trwrt

When he says "BBM increasingly uses standard TLS deployment", that could mean just about anything. The vast majority of data transfer could still not be using it, as long as the tiny piece that does is getting a little bigger.

rickster2611

Don't say anything yet BlackBerry

Don't release BBM cross platform until it is 100% ready and been tested to death.

Posted via CB10

bintheredundat

Exactly. Wait till KIK and whatsapp have so many users that nobody will desire to change to bbm. :s

Posted via CB10 on my Z10 Oreo

keith2k1

This is one more reason why I'm waiting for BBM. I don't care how many users that app has I will NEVER go with that app.

TioPepe78

My only recommendation is not to send passwords, account numbers, credit card numbers and other sensible data by this means of communication, that will be the only data that may get you harmed and the one that maybe someone would be trying to get.

Tumacana

Its bad enough that if you use WhatsApp, they already have your REAL phone number. Wack!

gfondeur

It can't be more true!

rickster2611

BlackBerry's reputation is already in the toilet.

Making promises that they can't keep is their USP .

I'm sure that goes down well with consumers.

It's time for some cool heads and a proper execution programme complete with deadlines.

Posted via CB10

textmint2013

Who cares whether whatsapp is secure or not? If anyone on CrackBerry has top secret conversations then I'm sure they know better than to use whatsapp. For everyone else whatsapp is more than enough. Who cares whether BBM has online banking level security? They can't even bloody get it cross platform which every other IM client had been able to do like Whatsapp, Viber, Line, WeChat, and whoever else. Everyone pontificating about whatsapp's security or lack of it are just asses. If u already use Facebook on ur phone whoever needs to know ur business knows it. So if anyone thinks it's a great deal for BBM to have top of the line app security it's just bullshit and doesn't mean anything to anyone other than dumb ass fanboys. I am so sorry that it has come to this but it's exactly this attitude that has brought blackberry the company and the brand to this state of affairs. When competitors are able to achieve simple things the focus should be on understanding if those successes can be replicated instead of deriding them for it. If we still are hung up about whatsapp's security I think we are missing the whole point. This is an entreaty to CrackBerry nation and those who write articles. There are enough things to cover to cater to the faithful and make this a winning forum than write deriding things about the competition. The ones who do that are just sore losers and nothing more. Maybe we should think about that.

Posted via CB10 from BB Z10 (My stable: 8310, 8520, 9900, Z10)

Whyareallthegoodnamestaken

As opposed to deriding fellow forum members?

Posted via CB10

textmint2013

I have said what I had to say. It's up to u to decide whether I'm right or wrong.

Posted via CB10 from BB Z10 (My stable: 8310, 8520, 9900, Z10)

Genghis2k3

Define pontificate. Oh wait, you just did.

You do realize this is a forum for BlackBerry users, right? People are expected to express their views, regardless of their ridiculously flawed thought process or the ridiculous number of inaccuracies. You just exercised your privilege to the same - why would you complain?

textmint2013

I've said what I had to say. It's up to u to decide whether what I've said is right or wrong.

Posted via CB10 from BB Z10 (My stable: 8310, 8520, 9900, Z10)

axeman1000

Wow you must be forced to use a blackberry at work and are upset by it. Work realizes security is of vital importance and that's where blackberry rules. The conversation you may have about boys or girls however you flow it should be safe, you seem like the type that could hate having a camera on you all the time but don't think about your phone security. If it's got it it's a plus, if no security, why use it. Common sense to me, whether I am branded a fan boy or not.

Posted via CB10

textmint2013

:)


I love BBM. The purpose of the argument was not to portray it in lesser light but to define its standing as an IM client. The moment we decide to focus on the shortcomings of Whatsapp, we've lost the battle because we're going on the defensive. That's the point I've been trying to make. BBM is superior to Whatsapp on the security front but that doesn't matter because most people don't care about it. That's why our argument should not revolve solely around the theme of security because save for a few corporations and maybe some individuals like u & I, the vast majority don't care about security. This is why facebook is a rip roaring success and why Edward Snowden is the villain in a battle revolving around civil liberties. In this back drop if our only argument is BBM is secure, then no one will care because everyone already knows that. It's what more BBM can do that will be the key to its adoption. If our script revolves around whatsapp, then we first need to prove that we are as good as them, bring cross platform then we become equal to most IM clients. Until then this security hullabaloo is just white noise and preaching to the choir.

U all know it and ur reactions just prove it.

Posted via CB10 from BB Z10 (My stable: 8310, 8520, 9900, Z10)

jrohland

We are told by a group of users on the CrackBerry forums users don't care about security. Or, non BlackBerry systems are secure enough. Or, if you're not doing anything wrong you need not worry about the state eavesdropping on your private conversations.

Posted via CB10

all3n7

.....so..... Whatsapp!!??

Anonymous2039

Nothing much. You?

Posted via CB10

all3n7

oh! nothin, just chillin.. lol

Xandrex_BSCF

hi,

two comments.

1) about the past WhatsApp hacking. The hack was done above the website, and not the WhatsApp servers that contain data. when I say above, it means that the website was doing fine, but no one could view it, instead the URL was redirecting to another website. It was not defacing (where the files on the web server are edited).
Basically the WhatsApp guys forgot to renew their domain name.

2)
about the hack exposed by Thijs Alkemade. It does not need to have any direct access to your device. It simply requires to be able to sniff what you are doing. This is especially true if you use a Wi-Fi HotSpot. The hacker simply needs to be connected to the same Wi-Fi HotSpot (or be the HotSpot owner).

nemo7

3 weeks and no BBM. Yes BlackBerry it was the leak Android that causes the Problem. Now i hate u soo much, sh*t on you, I use Skype now.

Posted via BlackBerry Z810

Houshinto

Nobody cares. Until apples comes out with updates to iMessage that ensures encryption in a manner that can be marketed people won't care. Sorry, if Samsung comes up with some they can also get people to tout it, but it'll take longer and probably cost more marketing $$.

R Field

Hey BlackBerry NOW would be a good time for cross platform BBM launch. Hurry up what's the hold up?!

CB10 - Z10 -10.2.0.1725

sebstarr

Bbm is losing steam everyday and what I see on twitter the most is that there is no response from @bbm which makes BlackBerry look terrible and is p*ssing people off.

I think that this private deal is intentionally botching bbm.

Why isn't it on ios? It takes this long to tweak it for ios7?

So sad :(

Posted via CB10

Dannynutdude

BlackBerry are in a weird state atm so it's normal for them to go off schedule. Replying to twitter comments is their own decisions but I do agree that it does make them look bad. I hope they get their reputation back because I don't want to be rocking an android phone, that's for sure!

Posted via CB10

gameson

http://fileperms.org/whatsapp-is-broken-really-broken/

It's been discussed here that Whatsapp is insecure. It transmits your IMEI number, so if anyone can snoop, it can get your IMEI and create a 'clone' handset.

Privacy is problem, everything about whatsapp is insecure. It's too bad normal folks don't really care about this.

barney009

Eventually consumers will realise how important security is, after all nowadays they do their banking on their devices and hold basically their whole life on their phone. Once a few have been hacked or cloned then they'll start thinking about it. I remember years ago most people using a pc had no firewall, anti virus etc. - people know better now. They will learn one day!

Posted via CB10

Red_Berry_21

so glad i got rid of whats app n got a new BLACKBERRY Q5 ;) stuff what's app piece of crap :)

marcosis

There you go folks, another reason why you should message your mistress on BBM. Haha. Just kidding. I don't condone cheating. But if you are and need to chat, use BBM. It's more secure than most marriages.

Posted via CB10

MoonCat

Anything is more secure than marriage.

diogoteixeira87

WhatsApp sucks, but if bbm is not in cross platform format, it really makes no difference. We need bbm 4 all ASAP.

Posted via CB10

solitude1984

This is not surprising at all.

Now if only bb could release bbm ....

james pisano

I had decided not to use Whatsapp when I had my 9930 because I couldn't separate my business and personal life communications and I believe my contact info/number would be shared in the network with people I didn't know, although I can't remember how.

Via CB10 & Z10 or Q10

samolukp

It's a messenger, how secure do you need your conversations with friends to really be. If you're concerned with security you should likely opt out of a free app.

Posted via CB10

Genghis2k3

OR...choose the free messenger app that is most secure.

sentano

It is the right time for news like this to appear ...
...and this is just the beginning...

...forever BlackBerry...

leebaylin

Ya think.

Posted via CB10

kfh227

Bbmx will go cross platform as soon as fairfax owns bbry

Posted via CB10

martinjdub

BBM or bust

Posted via CB10

hazarder

Lol yeah, couldn't be a better moment than now for BBM to release..well other than the actual release date, three weeks ago.

Posted via that z10!

byrdbrained

Blah, blah, blah. Whatsapp is out and it works. BBM? Nowhere to be seen except on Blackberry. I love my BlackBerry, but these articles seem like they are the consolation prize. Stop trying to disparage whatsapp everyday and get the clearly superior (ahem) BBM out already for cross-platform use. Otherwise this all sounds like sour grapes.

Alattin Simsek

Exactly my thoughts.

Posted via CB10

textmint2013

Exactly what he said

Posted via CB10 from BB Z10 (My stable: 8310, 8520, 9900, Z10)

texazzpete

Exactly!

All these articles spreading FUD...Sour grapes. As it stands, Whatsapp is infinitely more useful than BBM right now on Android and iOS. Bring BBM4ALL out and then we'll talk

derizzle

I had suspicions of what's app a few months back so deleted it... thank my lucky socks I did that... I don't think bbm will be coming out any sooner as planned... more like in 2015 or so... too slow off the mark getting it x platform... I've given up telling my friends now... a proper let down by bbry...

Sent by Bbry Zed10

Auggy360

Lol, bbm stay slacking

Posted via CB10

diann23

Nothing is safe online

Posted via CB10

Cragula

I didn't know what'sApp even had any kind of security. I thought all messages were sent in the clear.

Posted via CB10

Gavin Kwait

Who cares. WhatsApp works cross platform and is seamless to your contact list. BBM is blackberry only and requires an email address.

Posted via CB10

Alattin Simsek

At least Whatsapp is 4all... I don't have any friends that have BlackBerry so bbm sucks for me. Useless app.

Posted via CB10

buckwylder

In the meantime, folks can always enjoy the pinnacle of what is BBM by upgrading from whatever they're using to a BlackBerry 10 smartphone.

Posted via CB10

conkybubs

I don't get it....who honestly thought whatsapp was safe??

Posted via CB10 on Z10

joshua_sx1

WhatsApp may not be secured as BBM... but it is still BETTER than NOTHING... the only thing that users must do is NEVER send any confidential information...

Posted via Z10

will1881

rest assured? how on earth can bb let alone bbm assure me some rest?
failure after failure.

BCITMike

Wasn't there a post or report or something where BBM was considered "scrambled" as opposed to "secure"? Or was that simply pin to pin messaging? I recall them referencing CSIS report where they refer to a BlackBerry whitepaper and the whitepaper even used the word "scrambled".

Woody Ghsoubi

BCITMike, is it possible if you can link me to that whitepaper? Thanks.

RonBro66

Cross Platform BBM would be the final nail in the coffin for this terrible run company. People in third world countries are sticking around for BBM. They can't wait to have BBM on their cheap Droid.

BlackBerry is going to be chopped up and sold in pieces. My S4 is so much better than your Z10.

arvind1983

Why so much WhatsApp hate? I remember the days when we were waiting impatiently for WhatsApp app for BB10.

TheStoryUp

So what does whatsapp have to do to get the same security, what is it that's stopping them? Do they have to start up their own network of servers or something? Idk

Posted via CB10

quizm

Just to echo others. It may be one thing to be late delivering cross platform bbm, it is entirely another to give some lame excuse and then disappear for three weeks with little or no communication. BlackBerry' s communication style is really a huge problem. The company is so distant from its consumers that this alone turns them away.

Posted via CB10

4carlos

Yes not safe and not really new.

Waiting for cross platform BBM !!

lomsha

And I don't care, wasn't under any illusions that it was secure to begin with.

KN2577Z10

Stop talking/comparing coz BBM4ALL hasn't been able to release the damn thing to public.

Posted via CB10

DetlevCM

Not exactly surprising, the people or the person behind whatsapp has been known to be incompetent with regards to data security from the start....

This is what, the third or fourth time a major issue with that "service" is published?

Posted via CB10

DaNomadicOne

Many of the users want the ability of an app over the security of the app.

Posted via CB10

h2z3

that's what i'm talkin' bout'!!!!
BBM all the way

MilnerR

If they hacked into my Whatsapp account they would have endless messages detailing what time I'm leaving work and my wife asking me to pick up some milk on the way home.
We happily send vital documents (bank cards, transaction statements, solicitors letters, contracts etc etc) through the post in an envelope sealed with a spot of melted cows hoof and feel that is perfectly secure. Yet when we send a message asking our mates "what time u out?" we want CIA levels of encryption.

Anyway, I like Whatsapp, it does everything I need it to do, plays nicely with my contact list and, unlike bbm, is actually available to use across all platforms (even blackberry)

Benjamin_NYC

If you're using an instant messaging app for confidential conversations and think they're 100% secure, you're crazy.

WhatsApp is fine...

Posted via CB10

texazzpete

Meh, who cares. I'll keep using Whatsapp until BlackBerry can get off their incompetent asses and release BBM. Whatsapp isn't anywhere near as desirable to me as Whatsapp, but I'll use what i can get right now.

playbook_swiper1

Heheheh..."Still on the way..." - That's what was said about BB10 for Playbook. When will you people learn?

im_piejot

Seriously, whats the big deal about this? What are you guys hiding? How big is your companies secret deal? Why are u doing multimillions business in whatsapps! Come on..

Posted via CB10 with BlackBerry Q10

Craigash

From what I keep hearing most Android & IOS users are not Arsed about who snooping on them.

Maybe they will when a Policeman or something like that, knocks on the Door, because people have been committing crime in their Name.....

Posted via CB10

canbbguy

TLS is awesome, till an intelligence agency asks BlackBerry for access to the messages

canbbguy

Balanced view of actual BlackBerry security - without the usual nausea of fan boi-ism http://www.christopher-parsons.com/the-danger-of-fetishizing-blackberry-...

John Timothy

I agree that most people don't care about security. But it still comes down to, WhatsApp did not tell users that their conversations can be compromised. It would be interesting to find out what other dirty little secrets WhatsApp is hiding! As far as correcting the security problem, well if it is so easy everyone including Samsung would have done it, even Imessage don't you think! Don't you think every Messaging app would want to be secure just like BBM, of course they would. But they can't or they would have done it!

Orange UK

BBW should pull it for "security reasons" until patched and release BBM the same time ;)

nt300

I've been saying this from day one, no other messaging platform is more secure than BBM.