WhatsApp, a popular mobile message application, suffers from crypto implementation vulnerability that leaves messages exposed.
Thijs Alkemade, a computer science student at Utrecht University in The Netherlands who works on the open source Adium instant messaging project, disclosed a serious issue this week with the encryption used to secure WhatsApp messages, namely that the same key is used for incoming and outgoing messages.
“You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort,” he wrote on Tuesday. “You should consider all your previous WhatsApp conversations compromised.”
Alkemade said a user’s only recourse is to stop using WhatsApp until developers produce a patch.
A hacker sniffing a WhatsApp conversation could recover most of the plaintext bytes sent, Alkemade said. WhatsApp uses RC4, a pseudo-random number generator, to generate a stream of bytes that are encrypted with the xor cipher. That same key is used to encrypt the plaintext and ciphertext, he said.
“That does not directly reveal all bytes, but in many cases it will work,” Alkemade said, adding that messages follow the same structure and are easy to predict from the portion of plaintext that is revealed.
Alkemade said WhatsApp also uses the same HMAC key in both directions, another implementation error that puts messages at risk, but is more difficult to exploit. He added that TLS counters this by using different keys for the HMAC sequence of messages from the server to the client and RC4 for client to server messages.
“There are many pitfalls when developing a streaming encryption protocol. Considering they don’t know how to use a xor correctly, maybe the WhatsApp developers should stop trying to do this themselves and accept the solution that has been reviewed, updated and fixed for more than 15 years, like TLS,” Alkemade said.