Readit Newst0b commented on There is no WhatsApp 'backdoor' whispersystems.org/blog/t... · Posted by u/stablemap
t0b commented on There is no WhatsApp 'backdoor' whispersystems.org/blog/t... · Posted by u/stablemap
Ah. If that is so (and it's not obvious - clearly you can get delivery or even read receipts without Bob sending an answer), then it would seem that a bad server could only intercept a long monologue, indeed, but not a conversation.
(Greetings from HS F13 :)
you get "delivered" and "read" notifications before the recipient sends you a text response, so they must be independent.
t0b commented on There is no WhatsApp 'backdoor' whispersystems.org/blog/t... · Posted by u/stablemap
Deleted Comment
t0b commented on WhatsApp backdoor allows snooping on encrypted messages theguardian.com/technolog... · Posted by u/katpas
> but whether WhatsApp servers report to the device that the message has been delivered
It is hard to check what WhatsApp does, but in Signal it is not the server, but a recipient who sends delivery receipt. WhatsApp then has to either recognize encrypted receipts or allow only one-way conversation during attack. Carrying out the whole attack just to decrypt "hi, are you here?" is not really interesting.
The delivery receipt is the message that is directly sent after the message has been delivered. Not too hard to distinguish those from other text messages.
If notifications/blocking disabled (newbie setting):
Send re-keyed ciphertext immediately.
Random time later send garbage (automatically discarded by client)
If blocking enabled:
Send re-keyed garbage immediately.
When consumer notices the popup some (random) time later,
- and clicks "re-send": send re-keyed ciphertext
- and clicks "discard": send re-keyed different garbage.
However, note that if a compromised server MITM, they will probably be able to tell the difference between garbage and actual message (because the server provides the bad key, so can decrypt the immediate response message). It's really not trivial. Don't roll your own crypto... :-)
I want to address you last concern. moxie's specific concern is that without the extra measure I explained in the blog article, WhatsApp could find out on a large scale, covertly (!!!), who has this setting enabled or not. Simply because after a while pretty much every client will have to face the decision whether or not to retransmit for a benign reason.
Of course if they MITM, they can distinguish the re-send text from the garbage text, but the point is that then they are MITMing already and risk being detected. So instead they could've just MITM the conversation from the beginning on with risking of being detected.