[messaging] The downsides of no key verification

Nadim Kobeissi nadim at nadim.computer
Thu Jun 9 13:40:11 PDT 2016

I've also noticed this, but in my experience, Bob's phone will also show a notification that Alice's "security code has changed" right before re-transmitting the "lol" message. Does this notification appear for you?

I agree however that this re-transmission should not be automatic.

Nadim (sent from ThinkPad)

From: Messaging <messaging-bounces at moderncrypto.org> on behalf of Jason A. Donenfeld <Jason at zx2c4.com>
Sent: Thursday, June 9, 2016 10:26:52 PM
To: Messaging at moderncrypto.org
Subject: [messaging] The downsides of no key verification

Hi folks,

WhatsApp doesn't enforce any key verification, as we all know. I'm not
sure, however, that this behavior is well-known:

1. Alice and Bob converse over WhatsApp
2. Alice drops her phone in a swimming pool.
3. Bob sends Alice a message, "lol looks like your phone went
swimming", which she doesn't receive, since her phone is now broken.
4. While Alice is drying off after the swim, Malory registers a new
instance (and thus new key) of WhatsApp and registers it with Alice's
number by hanging out on SS7 to intercept the SMS verification.
5. Bob's phone now automatically and invisibly *retransmits* and
*reencrypts* the "lol" message to Malory's new unauthenticated keys.

Perhaps the retransmission in step 5 isn't a very good idea.

Messaging mailing list
Messaging at moderncrypto.org

More information about the Messaging mailing list