THIS UNDISCLOSED WHATSAPP VULNERABILITY LETS GOVERNMENTS SEE WHO YOU MESSAGE

Engineers warned Meta that nations can monitor chats; staff fear Israel is using this trick to pick assassination targets in Gaza.

In March, WhatsApp’s security team issued an internal warning to their colleagues: Despite the software’s powerful encryption, users remained vulnerable to a dangerous form of government surveillance. According to the previously unreported threat assessment obtained by The Intercept, the contents of conversations among the app’s 2 billion users remain secure. But government agencies, the engineers wrote, were “bypassing our encryption” to figure out which users communicate with each other, the membership of private groups, and perhaps even their locations.

The vulnerability is based on “traffic analysis,” a decades-old network-monitoring technique, and relies on surveying internet traffic at a massive national scale. The document makes clear that WhatsApp isn’t the only messaging platform susceptible. But it makes the case that WhatsApp’s owner, Meta, must quickly decide whether to prioritize the functionality of its chat app or the safety of a small but vulnerable segment of its users.

“WhatsApp should mitigate the ongoing exploitation of traffic analysis vulnerabilities that make it possible for nation states to determine who is talking to who,” the assessment urged. “Our at-risk users need robust and viable protections against traffic analysis.”

Against the backdrop of the ongoing war on Gaza, the threat warning raised a disturbing possibility among some employees of Meta. WhatsApp personnel have speculated Israel might be exploiting this vulnerability as part of its program to monitor Palestinians at a time when digital surveillance is helping decide who to kill across the Gaza Strip, four employees told The Intercept.

“WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works,” said Meta spokesperson Christina LoNigro.

Though the assessment describes the “vulnerabilities” as “ongoing,” and specifically mentions WhatsApp 17 times, LoNigro said the document is “not a reflection of a vulnerability in WhatsApp,” only “theoretical,” and not unique to WhatsApp. LoNigro did not answer when asked if the company had investigated whether Israel was exploiting this vulnerability.

Even though the contents of WhatsApp communications are unreadable, the assessment shows how governments can use their access to internet infrastructure to monitor when and where encrypted communications are occurring, like observing a mail carrier ferrying a sealed envelope. This view into national internet traffic is enough to make powerful inferences about which individuals are conversing with each other, even if the subjects of their conversations remain a mystery. “Even assuming WhatsApp’s encryption is unbreakable,” the assessment reads, “ongoing ‘collect and correlate’ attacks would still break our intended privacy model.”

The WhatsApp threat assessment does not describe specific instances in which it knows this method has been deployed by state actors. But it cites extensive reporting by the New York Times and Amnesty International showing how countries around the world spy on dissident encrypted chat app usage, including WhatsApp, using the very same techniques.

As war has grown increasingly computerized, metadata — information about the who, when, and where of conversations — has come to hold immense value to intelligence, military, and police agencies around the world. “We kill people based on metadata,” former National Security Agency chief Michael Hayden once infamously quipped.

But even baseless analyses of metadata can be lethal, according to Matthew Green, a professor of cryptography at Johns Hopkins University. “These metadata correlations are exactly that: correlations. Their accuracy can be very good or even just good. But they can also be middling,” Green said. “The nature of these systems is that they’re going to kill innocent people and nobody is even going to know why.”
