While people discuss about a possible state-actor stronghanding WhatsApp and the semantics of backdoor, the "design feature" of not showing the key changes are making real victims, at least in Brasil:
The attacker first try to duplicate the mobile phone number of the first victim, probably by social engineering their phone company. This part may look difficult to do, but it is not hard if you realize you do not need to target anyone special - everyone uses WhatsApp, so any number gives a high probability of success.
After getting the first victim number, the attacker install WhatsApp, which gladly verifies the user via SMS - WA has no login, no password, so anyone receiving the SMS can impersonate anyone else.
As Whatsapp does not send any alert of key change by default, the attacker is free to impersonate to person - in this case, he simply asks for some borrowed money to be transferred to a bank account, which will be paid soon. The recipient has no reason to distrust the message - it is being sent by his friend in the same chat window as they always talked to, even the logs are there. There is no message to warn about the potential issue, by design!
This is no hypothesis - this is actually happening for some time, now.[1] This design feature surely has some loyal users.
Unfortunately, if WhatsApp did defend against this, it would be such a big hassle that users would disable it. How many people do you know that wouldn't just click "accept" on "this user's keys changed", or wouldn't just ask the attacker "hey did you get a new phone?" "yes" "oh okay"?
People love to blame WhatsApp, but what can anyone realistically do?
It does not need to be a modal form - a notification message, embedded in the the chat log, just before a "Hey, could you send me some money", could make some people think twice before transferring:
"Wow, he is asking me in excess of USD500 just after WhatsApp warned me his cell phone has changed. Weird".
The simple alert shown in moxie's own blog post [1], perhaps less cryptically written, would probably do the job.
Heck, if this happened between me and girlfriend last week, I would most probably fall, as I did not know this was disabled in WhatsApp. Now, at least, I have turned the notification on.
For the overwhelming majority of people, it would just lead to alert fatigue, where users start ignoring the alerts because 99% of the time they're not actually indicative of a problem.
Where I live at least people rarely switch phone numbers and I have yet to hear about a single person that I know or have worked with who have had their phone number hijacked.
So, lets say that other people are less lucky than me and this warning will pop up twice a year, -will that be enough to trigger warning fatigue?
IMO, probably not.
Will we still have a problem with warning fatigue? Yes. Why? Because of the sticker and warning requirements created by American lawsuits and EU cookie law. (Oh, and IIRC my country isn't much better in this regard, just smaller so less of a problem.)
While not a citation I hope this explains my reasoning.
> Where I live at least people rarely switch phone numbers…
First, it's not about people switching phone numbers. It's about switching devices. This can be something as innocuous as uninstalling/reinstalling the WhatsApp app. Or upgrading their phone on a one or two year cycle. Or because they broke their phone and are using a friend's old phone for a few weeks. Or wanting to send and read messages on their laptop too. And their work laptop. Except they also had their work laptop reinstalled because of a virus, or because IT needed to do an upgrade, or whatever.
This shit happens all the time.
> …and I have yet to hear about a single person that I know or have worked with who have had their phone number hijacked.
I think this proves my point. The signal-to-noise ratio for this type of message is precisely zero for greater than 99.999% of WhatsApp users who are not being singled out by a nation-state for surveillance. And he number of these users who actually bothers to confirm keys out-of-band is, while not precisely zero, near enough as to make no difference.
For users who do anticipate being singled out, there are two plausible options: they are savvy enough to look into the settings and ensure the toggle is enabled, or they're not savvy enough to look for this type of option, and they're probably screwed anyway because actually achieving practical privacy against a highly-funded and highly-motivated governmental adversary is brutally hard and requires significantly more active involvement than merely toggling a switch on a messaging app.
> So, lets say that other people are less lucky than me and this warning will pop up twice a year
Twice a year times fifty contacts adds up to seeing this message frequently enough that you learn to subconsciously ignore it. People still try to bypass virtually every TLS warning browsers throw at them even though that number for most people is less than once per year, and even though browsers have made it painfully difficult to do so.
No, this is why I disagree with Moxie, the right UI design wouldn't have to create fatigue. It could just block by default, and then allow you to change the default with an appropriate warning.
At least that way, everyone will become aware at least once and make their choice.
Everyone (talking about non-technical users here) won't understand why they can't message a particular person any more and will blame WhatsApp "It's broken again". Block by default would kill growth and they don't want that.
Maybe a lot would it turn it off, but its better than the current situation because everyone would know exactly what they're getting themselves into. Most importantly, the people who are most at risk would get a chance to understand the issue and leave it on for their protection.
>As Whatsapp does not send any alert of key change by default
I don't think that's the case. AFAIK WhatsApp does warn people about key changes with this warning message by default: https://cldup.com/QdUQmjJoF9.png
In fact working with software, at least once a month someone will ask me "Hey, what is this 'Security code has changed' message that pops up every so often about? Do I need to worry about it?"
This has nothing to do with Whatsapp and its use of encryption but is cause by its choice of username and validation method.
The attacker needs to know the phone number and be able to read SMS messages from the phone number. Even very weak methods like the typical security questions would make this much more difficult.
I don't believe it could be done by the thousands, it would be way more targeted:
You'll need to be next to the actual phone number user when you request, and the victim will receive the SMS. Also, the victim would be shut out of WhatsApp (it allows only one client to be active), which would probably trigger some reaction.
The attacker first try to duplicate the mobile phone number of the first victim, probably by social engineering their phone company. This part may look difficult to do, but it is not hard if you realize you do not need to target anyone special - everyone uses WhatsApp, so any number gives a high probability of success.
After getting the first victim number, the attacker install WhatsApp, which gladly verifies the user via SMS - WA has no login, no password, so anyone receiving the SMS can impersonate anyone else.
As Whatsapp does not send any alert of key change by default, the attacker is free to impersonate to person - in this case, he simply asks for some borrowed money to be transferred to a bank account, which will be paid soon. The recipient has no reason to distrust the message - it is being sent by his friend in the same chat window as they always talked to, even the logs are there. There is no message to warn about the potential issue, by design!
This is no hypothesis - this is actually happening for some time, now.[1] This design feature surely has some loyal users.
[1]http://www.correiobraziliense.com.br/app/noticia/cidades/201...