Security experts request retraction of The Guardian's WhatsApp article
Last week, The Guardianpublished a bombshell "exclusive" report claiming to reveal disturbing information about a "backdoor" into WhatsApp's encrypted messaging platform. According to the story, the vulnerability could potentially expose the service's user base of over a billion to "snooping" by prying eyes. The article was met with near-immediate backlash from information security experts and cryptologists, who took to Twitter to voice their complaints. Many alleged the article misrepresented a feature of the encryption WhatsApp's parent company, Facebook, called "expected behavior." Statements from WhatsApp and Open Whisper Systems, the development team behind WhatsApp's encryption, decried the story as well, calling it "false" and "disappointing." Now, many of those critical voices are calling for action. An open letter signed by 40 security experts requests that The Guardianretract the story, issue an apology and make efforts to ensure that similar reports won't be filed in the future without proper due diligence. Secure communication is crucial. Plea from cryptographers & researchers on Guardian's irresponsible WhatsApp piece: https://t.co/4r2QAuByrf pic.twitter.com/YB0Y2PrPzj The letter addressed to the "GuardianEditors" was written by sociologist Zeynep Tufekci, who characterizes the report as being "the equivalent of putting 'VACCINES KILL PEOPLE' in a blaring headline over a poorly contextualized piece." She later claims the story has already led to real-world ramifications, citing reports of the Turkish media labeling WhatsApp as unsafe, prompting concerned users to move their vulnerable communications to "services that are strictly less secure than WhatsApp." "People’s lives and safety are at stake," she writes. Thanks to Guardian's irresponsible & baseless WhatsApp reporting, I'm flooded w reports of vulnerable folk switching to less secure options. According to Tufekci, the problem here isn't just the tone of The Guardian's story — the information contained within is either willfully or unintentionally misleading its audience. "The behavior described in your article is not a backdoor in WhatsApp [emphasis hers]," she writes, claiming that her position holds the "overwhelming consensus of the cryptography and security community." The Guardian's article cites findings from UC Berkley doctorate student Tobias Boelter. He claims that WhatsApp's vulnerability stems from its end-to-end encryption's handling of messages sent to offline users in the event of a change of phone or SIM card. Rather than requiring its users to reconfirm their security keys in order for the message to be received, WhatsApp sends along the undelivered message automatically, informing the recipient afterward that the security key changed. He (and then The Guardian) compared that system to another secure messaging app, Signal, which is held by many to be the gold standard for end-to-end encryption. Rather than letting the messages through, Signal blocks them until the keys can be reconfirmed. That said, Signal and WhatsApp's end-to-end encryptions use the same protocol from Open Whisper Systems — this is the only way their systems differ. And according to Tufecki, this isn't a "backdoor" — it's a means to increase reliability for WhatsApp users, who often have different priorities than those depending on Signal. "The very thing that makes Signal a recommendation for people at high risk — that it drops messages at any sign of hiccup — prevents a large number of ordinary people from adopting it," she writes. She calls Boelter "a single well-meaning graduate student," whose inexperience and enthusiasm at finding a potential issue with one of the world's most popular app's security likely led him to "overestimate the practical impact" of the vulnerability. Rather than holding him responsible, she criticizes The Guardianfor its lack of due diligence in confirming Boelter's findings with other experts (both WhatsApp and Open Whisper Systems claimed they were not contacted before the article was published) and calls for the publication, which she still says she harbors "great respect for," to retract the story. When reached for comment by Mashable, a Guardianspokesperson provided us with this statement: "We ran a series of articles highlighting and discussing a verified vulnerability in WhatsApp and its potential implications. WhatsApp was approached prior to publication and we included its response in the story, as well as a follow up comment which was received post-publication. While we stand by our reporting we have amended the article's use of the term 'backdoor' in line with the response and footnoted the articles to acknowledge this. We are aware of Zeynep Tufekci's open letter and have offered her the chance to write a response for the Guardian. This offer remains open and we continue to welcome debate." We were unable to reach Tufecki for comment, but a recent Tweet makes her position on The Guardian's offer to write a response clear: My writing a piece for the Guardian is not the answer. Guardian needs to retract, explain, learn from. https://t.co/RrK6IZ1PMB With interest in secure messaging high in today's turbulent political climate, it's important for users to educate themselves on the systems they trust with their most vulnerable information. While the response to The Guardian's report from the security community was strong and swift, the potential vulnerability to WhatsApp still exists, even if it is tiny. To help decide if WhatsApp's system works for you, we suggest reading more about it in the Electronic Frontier Foundation's report on the topic. TopicsCybersecurityWhatsApp
Featured Video For You
The best way to understand encryption is through this tale of love and mystery
- 最近发表
-
- I used the Pixel 9 Pro XL in the shower — does the screen work when wet as claimed?
- 我市工业经济增速跃居全省第八
- Liverpool have to be 'angry' and 'greedy' against Man Utd
- ‘Hosts Ivory Coast can win 2023 AFCON’
- Microwave technique recovers 87% of batteries' lithium in 15 minutes
- 私存汽油起火 两层小楼熏黑
- PSG on brink of French title
- Fighting game extravaganza Evo is heading back to Vegas in July 2017
- NASA rover snaps photo of its most daunting challenge yet
- 'Nuclear confrontation with US is ending': Choson Sinbo
- 随机阅读
-
- 尝“鲜”盛宴,等你来探!2024年清远西牛麻竹笋尝鲜季即将启幕
- Pompeo to travel to Vietnam for summit Feb. 26
- Kanye West concert canceled following Trump, Beyoncé rants
- Super talented parrot can sing, count, dance, and ask questions
- [LLG] When compassion meets law: Lawyer defends goats, dogs, other helpless animals
- Swiatek powers past Raducanu for 21st successive win
- Goodest girl ever gets her own entry in school's yearbook
- Man City, Liverpool locked in title battle
- CrowdStrike outage is still causing hundreds of flight cancellations daily
- PSG on brink of French title
- 苍坪路市场有问题 市领导带队现场整改
- Kanye West concert canceled following Trump, Beyoncé rants
- Against All Odds: How Netflix Made It
- Man United will need 'open
- Harvey Weinstein pleads not guilty
- Tesla's online trip planning tool shows driving and charging routes
- Microwave technique recovers 87% of batteries' lithium in 15 minutes
- 跌久必涨!王祖力:2024年猪价具备底部反弹50%的潜力
- Russia, China oppose U.S. missile
- Russia, China oppose U.S. missile
- 搜索
-
- 友情链接
-