Last week,The Guardianpublished a bombshell "exclusive" report claiming to reveal disturbing information about a "backdoor" into WhatsApp's encrypted messaging platform. According to the story, the vulnerability could potentially expose the service's user base of over a billion to "snooping" by prying eyes.
SEE ALSO:Sad! Trump reportedly forced to give up the phone he tweets withThe article was met with near-immediate backlash from information security experts and cryptologists, who took to Twitter to voice their complaints. Many alleged the article misrepresented a feature of the encryption WhatsApp's parent company, Facebook, called "expected behavior."
Statements from WhatsApp and Open Whisper Systems, the development team behind WhatsApp's encryption, decried the story as well, calling it "false" and "disappointing."
Now, many of those critical voices are calling for action. An open letter signed by 40 security experts requests that The Guardianretract the story, issue an apology and make efforts to ensure that similar reports won't be filed in the future without proper due diligence.
Secure communication is crucial. Plea from cryptographers & researchers on Guardian's irresponsible WhatsApp piece: https://t.co/4r2QAuByrf pic.twitter.com/YB0Y2PrPzj
— Zeynep Tufekci (@zeynep) January 20, 2017
The letter addressed to the "GuardianEditors" was written by sociologist Zeynep Tufekci, who characterizes the report as being "the equivalent of putting 'VACCINES KILL PEOPLE' in a blaring headline over a poorly contextualized piece."
She later claims the story has already led to real-world ramifications, citing reports of the Turkish media labeling WhatsApp as unsafe, prompting concerned users to move their vulnerable communications to "services that are strictly less secure than WhatsApp."
"People’s lives and safety are at stake," she writes.
Thanks to Guardian's irresponsible & baseless WhatsApp reporting, I'm flooded w reports of vulnerable folk switching to less secure options.
— Zeynep Tufekci (@zeynep) January 16, 2017
According to Tufekci, the problem here isn't just the tone of The Guardian's story — the information contained within is either willfully or unintentionally misleading its audience.
"The behavior described in your article is not a backdoor in WhatsApp [emphasis hers]," she writes, claiming that her position holds the "overwhelming consensus of the cryptography and security community."
The Guardian's article cites findings from UC Berkley doctorate student Tobias Boelter. He claims that WhatsApp's vulnerability stems from its end-to-end encryption's handling of messages sent to offline users in the event of a change of phone or SIM card. Rather than requiring its users to reconfirm their security keys in order for the message to be received, WhatsApp sends along the undelivered message automatically, informing the recipient afterward that the security key changed.
He (and then The Guardian) compared that system to another secure messaging app, Signal, which is held by many to be the gold standard for end-to-end encryption. Rather than letting the messages through, Signal blocks them until the keys can be reconfirmed.
That said, Signal and WhatsApp's end-to-end encryptions use the same protocol from Open Whisper Systems — this is the only way their systems differ.
And according to Tufecki, this isn't a "backdoor" — it's a means to increase reliability for WhatsApp users, who often have different priorities than those depending on Signal. "The very thing that makes Signal a recommendation for people at high risk — that it drops messages at any sign of hiccup — prevents a large number of ordinary people from adopting it," she writes.
She calls Boelter "a single well-meaning graduate student," whose inexperience and enthusiasm at finding a potential issue with one of the world's most popular app's security likely led him to "overestimate the practical impact" of the vulnerability.
Rather than holding him responsible, she criticizes The Guardianfor its lack of due diligence in confirming Boelter's findings with other experts (both WhatsApp and Open Whisper Systems claimed they were not contacted before the article was published) and calls for the publication, which she still says she harbors "great respect for," to retract the story.
When reached for comment by Mashable, a Guardianspokesperson provided us with this statement:
"We ran a series of articles highlighting and discussing a verified vulnerability in WhatsApp and its potential implications. WhatsApp was approached prior to publication and we included its response in the story, as well as a follow up comment which was received post-publication. While we stand by our reporting we have amended the article's use of the term 'backdoor' in line with the response and footnoted the articles to acknowledge this. We are aware of Zeynep Tufekci's open letter and have offered her the chance to write a response for the Guardian. This offer remains open and we continue to welcome debate."
We were unable to reach Tufecki for comment, but a recent Tweet makes her position on The Guardian's offer to write a response clear:
My writing a piece for the Guardian is not the answer. Guardian needs to retract, explain, learn from. https://t.co/RrK6IZ1PMB
— Zeynep Tufekci (@zeynep) January 20, 2017
With interest in secure messaging high in today's turbulent political climate, it's important for users to educate themselves on the systems they trust with their most vulnerable information. While the response to The Guardian's report from the security community was strong and swift, the potential vulnerability to WhatsApp still exists, even if it is tiny. To help decide if WhatsApp's system works for you, we suggest reading more about it in the Electronic Frontier Foundation's report on the topic.
TopicsCybersecurityWhatsApp
(责任编辑:時尚)
Satisfy your Olympics withdrawals with Nike's latest app
Volkswagen plans to be all
Here's what to expect from iOS 15
Apple to let you sign up for services with Face/Touch ID instead of passwords
Singapore gets world's first driverless taxisFyvush Finkel, Emmy winner for 'Picket Fences,' dies at 93
NEW YORK (AP) — Actor Fyvush Finkel, the plastic-faced Emmy Award-winning character actor whos
...[详细]I can't stop sliding into my own DMs
For more than a decade, I've carried on with a number of truly pathetic, one-sided DMs. I type, send
...[详细]Best podcasts for when you're on vacation, traveling, or taking a road trip
After over a year of isolation, wanderlust is swirling in the air, as many seek safe ways to re-emer
...[详细]What's a robot manicure really like? Quick, cheap, and guilt
A robot gave me a manicure last week.Let me stop you before you envision a bipedal humanoid carefull
...[详细]Tesla's rumored P100D could make Ludicrous mode even more Ludicrous
A Tesla Model S P100D begs the question: What's more Ludicrous than Ludicrous?Right now, the biggest
...[详细]DeepTok is taking over TikTok with berries and cream videos
TikTok's obsession with berries and cream shows that DeepTok isn't actually that far from mainstream
...[详细]Google Meet declares war on that sunny window behind you that's making you underexposed
Google Meet's camera software is getting smarter. On Monday, Google announced a neat little upgrade
...[详细]WhatsApp launches disappearing photos and video for all your sensitive (and sexy) messages
If one thing is clear from the surge of horny-on-main-ness during Twitter Fleets' last hurrah, it's
...[详细]This app is giving streaming TV news a second try
Watchup, the once-buzzy news video streaming service, is trying its hand again at the news game with
...[详细]Everything coming to Netflix in September 2021
On the hunt for the perfect fall binge-watch? Netflix has you covered, adding tons of new movies and
...[详细]