WhatsApp Blunder

I spend much of my effort on this blog discussing how privacy is something more than just security: that it involves respecting cultural norms, ensuring appropriate uses of data, encouraging transparency and other things that aren’t strictly technical. But all of that is meaningless if you are sloppy with your security. WhatsApp is about to find that out.

There is speculation circulating that WhatsApp used the same AES symmetric key, for all clients, to encrypt all of its chats. The news originated from a tweet by Nadim Kobeissi of Diaspora revealing the key and calling out WhatsApp. If what Nadim alleges is the case, that is going to be a big bummer for the WhatsApp team as well as Facebook, who are in the process of acquiring them.

The story will unfold, or won’t, over the coming days and it could get interesting. It is worth remembering that cryptography is one of those things that is so powerful yet so easy to get wrong. This could be a case in point.

Note: If you are new to cryptography, check out my two-part primer.
Part 1
Part 2

 