WhatsApp slaps app hacker chaps on the rack for booby-trapped chat: NSO Group accused of illegal hacking by Facebook Facebook and its WhatsApp subsidiary on Tuesday sued NSO Group alleging the Israel-based spyware maker unlawfully hacked smartphones using a vulnerability in the popular chat app. The complaint [PDF], filed in a US district court in San Francisco, blames NSO for a cyberattack on WhatsApp users that was publicly disclosed in …
This post has been deleted by its author
I thought "end to end" meant message sender to message receiver.
In any case, that's irrelevant. Everyone who uses WhatsApp and accepted the default switch to WhatsApp backups getting stored on Google Drive now has their precious messages stored in unencrypted format on Google Drive.
The "backdoor" is in plain sight.
It's more a front door than backdoor.
Maybe that is how the WhatsApp CEO can keep a straight face while saying they don't want backdoors.
It's ok you choosing to disable backups but has the other end of your conversations? If not, un-encrypted backups on googles/NSA's servers.
'End to end' means client device to client device. Whatsapp/Facebook's servers direct the messages (and can presumably pick up a lot of metadata that way), but they can't decrypt the messages.
(Of course, we have only their word for that.)
"End to end" should mean that, yes. However: consider that:
1) The app generates the keys; not the user.
2) WhatsApp changed hands for 19 billion dollars. Billion.
3) Facebook is the company that bought it.
Because the app (and therefore Facebook) knows the keys it would be trivial to simply store the keys somewhere and decrypt at will. If you think a bunch of weasels like Facebook spent 19 billion to not do that, then you have more faith in humanity than I do.
"End to end" coming from Facebook is, I very strongly suspect, marketing-speak designed to mislead people into thinking of the standard usage of the term (ie, client to client). If one of the ends happens to be Facebook then it's technically "end to end encryption"...they're just not specifying where the ends are and letting people assume it's client-to-client.
While I firmly believe that NSO group needs to be disbanded and all it's members charged with crimes against humanity....I just can't get over the irony that Facebook has also given very powerful survailance software to unscrupulous app developers with only a pinky-swear agreement and absolutely zero oversite.
There are no good guys in this story.
"We take action if we detect any misuse."
Fine words butter no parsnips.
Do we have any assurance that NSO is actively looking for misuse or are they complacent and trust that their customers will abide by the rules?
It seems to me as if NSO is in the business of making as much money as they can and damn the consequences. As others here have said, how do these people sleep at night?
Or is it a case of "Ignorance is bliss"?
Like it or not, they do exist, and are a danger.
All of these software can be used to fight crime, or to keep some class of people under illegal surveillance. Just like a gun can be used to protect you, or to rob/rape/kill you. It only depends on what legal framework allows their use and sales, and with what kind of control.
Remind me. How long did the 'merkin legal system hold Marcus Hutchins on suspicion of developing malware?
NSO not merely developed it, they actively marketed it. Why is this Whatsapp rather than the Government pursuing this?
Or could the feds pick this one up, as they did against Sklyarov, or even US citizen Schwartz?
AIUI the Israeli courts are not exactly toothless, either. Unless of course TPTB there protect NSO by keeping the whole thing out of court.
There we go again. Since some bad people use encryption, nobody else should be able to.
Well I have some similar information for you : guns are often used by drug kingpins and terrorists in the course of their criminal activity.
Funnily enough, there is no call to limit the availability of guns.
We need a merry-go-round icon.
> "Funnily enough, there is no call to limit the availability of guns."
There are pleny of people out there who want to repeal the 2nd. Also, here in the UK, availability of guns is very limited, and nobody wants to change that.
While I appreciate your sentiment, you’ve missed the mark on both sides of this one.
—there are LOTS of calls to limit the availability of guns.
—This group didn’t call for reducing access to encryption. They are creating tools for targeted attacks on encryption, which is still bad, but in a different way.
A tool like this is only so good as the people wielding it. Turing & co were good people wielding their tools for a good purpose. Less good people would later use some of the principles they developed for bad purposes. And it appears that today, someone has used NSO’s tools for bad purposes (possibly NSO themselves, but I don’t know enough to say either way).
In any decent country guns availability is strictly controlled. Only US has a second amendment, and its actual interpretation.
Face it: or law enforcing agencies are able to investigate criminal somehow, including using vulnerabilities to get onto criminals devices, or they will force the adoptions of backdoors for everyone - and more people will suffer from damages inflicted by criminals - you can't break for example a mafia gang without intercepting communications - more people will be ready to accept backdoors - and then large scale surveillance will be even easier for anybody willingly to use such power for their advantage.
If you believe they will accept a "safe haven" for criminals, I have a bridge to sell you.
Truly unbreakable encryption is trivial, although can get quite cumbersome (a one-time pad handling all 256 values for a byte requires 64K per plaintext character, which means a DVD could hold enough data to send about 73K of plaintext). So fundamentally what "law enforcement" are asking for are ways to snoop on suspects that are too lazy or stupid to use better privacy tools, so by definition _not_ the biggest threats.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
