WhatsApp

From Wikispooks
Revision as of 11:44, 14 May 2019 by Patrick Haseldine (talk | contribs) (Importing from WP and expanding)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Group.png WhatsApp  Rdf-entity.pngRdf-icon.png
Parent organizationFacebook

WhatsApp Messenger is a freeware, cross-platform messaging and Voice over IP (VoIP) service owned by Facebook.[1] It allows the sending of text messages and voice calls, as well as video calls, images and other media, documents, and user location.[2][3] The WhatsApp client application runs on mobile devices but is also accessible from desktop computers while the mobile device is connected to the Internet. The service requires[4] users to provide a standard cellular mobile number. Originally, users could communicate only with others individually or in groups of individuals, but in September 2017, WhatsApp announced a forthcoming business platform to enable companies to provide customer service to users at scale.[5]

The client application was created by WhatsApp Inc. of Mountain View, California, which was acquired by Facebook in February 2014 for approximately US$19.3 billion.[6][7] By February 2018, WhatsApp had over one and a half billion users,[8] making it the most popular messaging application at the time.[9] It has grown in multiple countries, including Brazil, India, and large parts of Europe, including the United Kingdom and France.[10]

End-to-end encryption

On November 18, 2014, Open Whisper Systems announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the encryption protocol used in Signal into each WhatsApp client platform.[11] Open Whisper Systems said that they had already incorporated the protocol into the latest WhatsApp client for Android, and that support for other clients, group/media messages, and key verification would be coming soon after.[12] WhatsApp confirmed the partnership to reporters, but there was no announcement or documentation about the encryption feature on the official website, and further requests for comment were declined.[13] In April 2015, German magazine Heise Security used ARP spoofing to confirm that the protocol had been implemented for Android-to-Android messages, and that WhatsApp messages from or to iPhones running iOS were still not end-to-end encrypted. They expressed the concern that regular WhatsApp users still could not tell the difference between end-to-end encrypted messages and regular messages.[14] On 5 April 2016, WhatsApp and Open Whisper Systems announced that they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each other's keys.[15] Users were also given the option to enable a trust on first use mechanism in order to be notified if a correspondent's key changes.[16] According to a White Paper that was released along with the announcement, WhatsApp messages are encrypted with the Signal Protocol.[17] WhatsApp calls are encrypted with Secure Real-time Transport Protocol (SRTP), and all client-server communications are "layered within a separate encrypted channel". The Signal Protocol library used by WhatsApp is open-source and published under the GPLv3 licence.[18]

Cade Metz, writing in Wired magazine, said:

"WhatsApp, more than any company before it, has taken encryption to the masses."

Hacked

On 14 May 2019, the BBC reported that hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in WhatsApp, which said the attack targeted a "select number" of users, and was orchestrated by "an advanced cyber actor". WhatsApp believes the attack was developed by Israeli security firm NSO Group for which a fix is available and has urged all of its 1.5 billion users to update their apps as an added precaution.

WhatsApp promotes itself as a "secure" communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient's device. However, the surveillance software would have let an attacker read the messages on the target's device.

"Journalists, lawyers, activists and human rights defenders" are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.

Targeted

Amnesty International - which said it had been targeted by tools created by the NSO Group in the past - said this attack was one human rights groups had long feared was possible.

"They're able to infect your phone without you actually taking an action," said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

"There needs to be some accountability for this, it can't just continue to be a wild west, secretive industry."

On Tuesday 14 May, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel's Ministry of Defence to revoke the NSO Group's licence to export its products.[19]

 

Related Quotation

PageQuoteAuthorDate
Backdoor“Every year, we learn about some issue in WhatsApp that puts everything on their users' devices at risk. Which means it's almost certain that a new security flaw already exists there. Such issues are hardly incidental – they are planted backdoors. If one backdoor is discovered and has to be removed, another one is added”Pavel Durov5 October 2022
Many thanks to our Patrons who cover ~2/3 of our hosting bill. Please join them if you can.


References

  1. Metz, Cade (5 April 2016). "Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People". Wired. Condé Nast. Retrieved 13 May 2016.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  2. Voice calling, March 12, 2015Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  3. "WhatsApp Voice Calling". April 4, 2015.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  4. "WhatsApp FAQ - Using one WhatsApp account on multiple phones, or with multiple phone numbers". WhatsApp.com.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  5. "Building for People, and Now Businesses". WhatsApp.com.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  6. {{URL|example.com|optional display text}}
  7. "Facebook to Acquire WhatsApp". Press release. http://newsroom.fb.com/News/805/Facebook-to-Acquire-WhatsApp. 
  8. {{URL|example.com|optional display text}}
  9. Leo Sun (September 11, 2015). "Facebook Inc.'s WhatsApp Hits 900 Million Users: What Now?". The Motley Fool.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  10. Metz, Cade (April 5, 2016). "Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People". Wired. Retrieved April 5, 2016.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  11. Evans, Jon (November 18, 2014). "WhatsApp Partners With Open WhisperSystems To End-To-End Encrypt Billions Of Messages A Day". TechCrunch. Retrieved November 19, 2014.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  12. "Open Whisper Systems partners with WhatsApp to provide end-to-end encryption". Open Whisper Systems. November 18, 2014. Retrieved November 18, 2014.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  13. Snyder, Benjamin (November 18, 2014). "Facebook's messaging service WhatsApp gets a security boost". Forbes. Retrieved November 21, 2014.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  14. Scherschel, Fabian A. (April 30, 2015). "Keeping Tabs on WhatsApp's Encryption". Heise Security. Retrieved April 30, 2015.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  15. Lomas, Natasha (April 5, 2016). "WhatsApp completes end-to-end encryption rollout". TechCrunch. Retrieved April 5, 2016.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  16. Budington, Bill (April 7, 2016). "WhatsApp Rolls Out End-To-End Encryption to its Over One Billion Users". Deeplinks Blog. Electronic Frontier Foundation. Retrieved April 21, 2016.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  17. "WhatsApp Encryption Overview – Technical white paper" (PDF). WhatsApp Inc. April 4, 2016. Retrieved April 5, 2016.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  18. Open Whisper Systems (2018-10-04). "libsignal-protocol-java". GitHub. Retrieved April 6, 2016.Page Module:Citation/CS1/styles.css must have content model "Sanitized CSS" for TemplateStyles (current model is "Scribunto").
  19. "WhatsApp discovers 'targeted' surveillance attack"
Wikipedia.png This page imported content from Wikipedia on 14 May 2019.
Wikipedia is not affiliated with Wikispooks.   Original page source here
Retrieved from "https://wikispooks.com/w/index.php?title=WhatsApp&oldid=159829"