Jonkman Microblog
Conversation

Notices

  1. rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Tuesday, 16-Jan-2018 15:55:42 EST
    BTW, the news just going around about the group chat vulnerabilities in major crypto protocols was public in July 2017 (see my own summary below, which is still valid AFAIK). Good explanation at https://www.wired.com/story/whatsapp-security-flaws-encryption-group-chats/

    Seems news outlets need talks (RealWorldCrypto in Switzerland) to notice such things… :)
    And the authors seem to have revised their paper in 2018, too.

    @rugk
    https://gnusocial.de/notice/10788447 !threema 
    In conversation Tuesday, 16-Jan-2018 15:55:42 EST from gnusocial.de permalink

    Attachments

    1. WhatsApp Flaws Could Allow Snoops to Slide Into Group Chats
      from WIRED
      German researchers say that a flaw in the app's group-chat feature undermines its end-to-end encryption promises.
    2. Fri Jul 28 15:54:57 +0200 2017 (Qvitter)
      By rugk (rugk@gnusocial.de) from GNUsocial.de
      More is Less: How group chats weaken the security of instant messengers #Signal, #WhatsApp and !threema https://eprint.iacr.org/2017/713.pdf

      TL;DR: Attackers can often rewind members of a group to a previous state (replay attack), WhatsApp can add arbitrary users and thus circumvent #e2e crypto in all group chats easily.

      BTW: #Threema fixed the issues, WhatsApp ignored, Signal wants to introduce a new protocol in the future.

      /cc !verschluesselung

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
