WhatsApp Blunder

I spend much of my effort on this blog discussing how privacy is something more than just security: it involves respecting cultural norms, ensuring appropriate uses of data, encouraging transparency and other things that aren’t strictly technical. But all of that is meaningless if you are sloppy with your security. WhatsApp is about to find that out.

There is speculation circulating that WhatsApp used the same AES symmetric key, for all clients, to encrypt all of its chats. The news originated from a tweet by Nadim Kobeissi of Diaspora revealing the key and calling out WhatsApp. If what Nadim alleges is the case, that is going to be a big bummer for the WhatsApp team as well as Facebook, who are in the process of acquiring them.

The story will unfold, or won’t, over the coming days and it could get interesting. It is worth remembering that cryptography is one of those things that is so powerful yet so easy to get wrong. This could be a case in point.

Note: If you are new to cryptography, check out my two-part primer.
Part 1
Part 2

 