SlideShare a Scribd company logo

Defeating WhatsApp’s Lack of Encryption - BH Sao Paulo 2013

Jaime Sánchez
Jaime Sánchez

The document discusses security flaws in WhatsApp related to a lack of encryption of communications, metadata exposure, and discusses ways to add a new layer of security and privacy to WhatsApp messages by routing traffic through a custom server using encryption to protect the integrity and confidentiality of messages. It provides information on how WhatsApp's customized XMPP protocol works and how authentication is handled.

Technology
1 of 45
Download to read offline
`
DEFEATING WHATSAPP’S Defeating s ` Lack of Privacy
Defeating WhatsApp’s Lack of Privacy WHO  WE  ARE Jaime Sánchez - Computer Engineer & Security Researcher - Executive MBA, CISSP, CISA and CISM - Speaker at Rootedcon, Nuit du Hack, BH Arsenal, Defcon, DerbyCon, NoConName, DeepSec etc. - Twitter: @segofensiva - http://www.seguridadofensiva.com ! ! Pablo San Emeterio - Computer Engineer / I+D Optenet - Master of Science in Computer Security by UPM, CISA and CISM - Speaker at NoConName and CiberSeg - Previous experience with WhatsApp :) - Twitter: @psaneme Black Hat Sao Paulo
Defeating WhatsApp’s Lack of Privacy CONGRATS  PABLO!  :) Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy ¿  WHAT  IS  WHATSAPP  ? - WhatsApp is a cross-platform (no desktop clients) instant messaging subscription ser vice for smartphones, that let users send messages and multimedia files to each other. ! - Because it uses your internet data plan and there's no additional cost for these messages, it's mostly used young people. ! - Was founded in 2009 by American Brian Acton and Ukrainian Jan Koum (also the CEO), both former employees of Yahoo!, and is based in Santa Clara, California. ! - WhatsApp might not be as widely known as Twitter, but it is definitely just as popular in terms of users. Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy USERS  STATS It’s interesting to compare that stat to Twitter, which has 230 million active monthly users, and to Instagram, which has 150 million on its platform. Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy MESSAGE  STATS Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy Just how much is 10 billion messages? 416,666,670 messages an hour 6,944,440 messages a minute 115,704 messages a second - WhatsApp has done to SMS on mobile phones what Skype did to international calling on landlines! Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy NEW  ARCHITECTURE Hardware Specs - Dual octo-core E5-2690 (32 logical CPUs) - 256GB RAM (128GB for A/V hosts) - 6 x 800GB SSD (4TB SATA for A/V hosts) - 2 x dual link-agg gig-E (public, private) ! New features - Resumable uploads and downloads - Reference counting Peak Scalability - 214M images in a day - 8.8K images/sec downloaded - 29 Gb/sec output bandwidth ! Holiday Week Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy SECURITY  FLAWS - WhatsApp communications were not encrypted, and data was sent and received in plaintext, meaning messages to easily be read if packet traces are available (WhatsApp Sniffer) ! - WhatsApp began using IMEI numbers and MAC addresses as passwords. ! - Remote storage of virus, programs, html etc. on WhatsApp servers ! - Critical flaw lead to control any account (modify account, send and receive messages etc.) ! - Data stored in plaintext on database ! - An unknown hacker published a website (WhatsAppStatus.net) that made it possible to change the status of an arbitrary WhatsApp user, as long as the phone number was known. (To make it work, it only required a restart of the app) Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy MORE  SECURITY  FLAWS - On January 13, 2012, WhatsApp was pulled from the iOS App Store, and the reason was not disclosed. The app was added back to the App Store four days later ! - Priyanka appeared spreading on Whatsapp through a contacts file that if you add to your contacts. ! - WhatsApp Voyeur: allows you to view the profile picture and current "Status" of every user without using a mobile phone or registered account ! - No authorization required to send messages, so any user can contact you or any custom designed bot could be created to send you spam. ! - Serious WhatsApp flaw allows decrypting user messages ! ! ! - This is what we know so far ... Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy BLOCKING - Saudi Arabia plans to block Internet-based communication tool WhatsApp within weeks if the U.S.-based firm fails to comply with requirements set by the kingdom's telecom regulator, local newspapers reported this week. ! - This month the Communications and Information Technology Commission (CITC) banned Viber, another such tool, which like WhatsApp is hard for the state to monitor and deprives telecom companies of revenue from international calls and texts. http://www.reuters.com/article/2013/06/16/ussaudi-internet-idUSBRE95F04R20130616 ! - The regulator issued a directive saying tools such as Viber, WhatsApp and Skype broke local laws, without specifying how. Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy SURVEILLANCE - Repor ts and documents leaked by Edward Snowden in June 2013 indicate that PRISM is used for monitoring communications and other stored information. ! - The data that the NSA is supposedly able to get by PRISM includes email, video, voice chat, photos, IP addresses, login notifications, file transfer and details about social networking profiles. ! - Internet companies such as Microsoft, Google, Yahoo, Dropbox, Apple and Facebook are inside the program. ! - The objectives of the PRISM program are those citizens living outside the United States, but U.S. citizens are included too. Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy ¿ Could WhatsApp be one of these companies ? The NSA infected more than 50,000 computers worldwide with malicious software designed to steal confidential information. Some countries affected are Venezuela, Bolivia, Brazil, Ecuador, Cuba, Colombia and Honduras, among others. The attacks are performed by a special department called Tailored Access Operations (TAO), which has more than a thousand hackers. Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy THE  IDEA Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy GOALS - The main objective of the research is to add a new layer of security and privacy to ensure that in the exchange of messages between members of a conversation both the integrity and confidentiality could not be affected by an external attacker: - Add secure encryption to the client. If an attacker intercepts the messages, or any governments try to intercept our messages at WhatsApp's server , they won't find any legible information. - Give a certain level of anonymity to the conversation by using fake/anonymous accounts and intermediate communication nodes. - Modify the inner workings of the application, routing all tr affic and conversation messages to own server (XMPP). Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy GOALS - This technique has been developed to be used in a manner completely transparent to the users. ! - The software works for all WhatsApp’s platforms: we have developed a Linux-based solution (it works inside a Raspberry Pi, your laptop computer or you could use a VPN). ! - Could be ported to run inside Android. Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy INSIDE  THE  WORLD  OF   WHATSAPP Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy FUNXMPP - WhatsApp uses a customized version of the open standard eXtensible Messaging and Presence Platform (XMPP), called FunXMPP, that uses XML as its syntax.. ! - Without going into technical details, it is a messaging protocol that uses XML syntax: ! <message from=”01234567890@s.whatsapp.net”         id=”1339831077-7”         type=”chat”         timestamp=”1339848755”>    <notify xmlns=”urn:xmpp:whatsapp”            name=”NcN” />    <request xmlns=”urn:xmpp:receipts” />    <body>Hello</body> </message> ! - Since WhatsApp is intended for mobile devices, they wanted to use as little overhead as possible. ! - ¿ How did they achieve this ? Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy FUNXMPP - First of all, all keywords are assigned a byte each. If you can replace each by just one byte, it would reduce the overhead a lot. ! - FunXMPP uses a HashTable for this, containing most (if not all) keywords ! - Given the syntax xnn for one byte with the hexadecimal value nn, the example above could be reduced to the following: ! ! <x5d x38=”01234567890@x8a”      x43=”1339831077-7”      xa2=”x1b”      x9d=”1339848755”>   <x65 xbd=”xae”         x61=”NcN” />   <x83 xbd=”xad” />   <x16>Hello</x16> </x5d> - All remaining ascii values cannot be replaced by a representative byte-value, because they are variable/no fixed keywords. Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy BYTES - Byte xfc: This byte signifies a sequence of ascii characters will be used as the value. The length of this sequence can be found in the next byte (max length 255). - Byte xfd: Where xfc reads one byte for the length,xfd reads three bytes. This allows for strings up to a max of 16777215 characters. - Byte xf8 y xf9: Declare the beginning of a list and it is followed by its number of elements and subsequently the content,. The way members are counted is: !   1      2             3 <message from=”01234567890@s.whatsapp.net”          4      5         id=”1339831077-7”           6    7         type=”chat”             8           9         timestamp=”1339848755”>    <notify xmlns=”urn:xmpp:whatsapp”     |            name=”NcN” />                 |  10    <request xmlns=”urn:xmpp:receipts” /> |    <body>Hello</body>                    | </message> Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy 57:41 01:02 => => LOGIN WA PROTOCOL VERSION 1.2 f8:05:01:c8:ab:a5:fc:12:69:50:68:6f:6e:65:2d:32:2e:31:30:2e:32:2d:35:32:32:32:00:00 0x01 => stream:stream 0xc8 => to 0xab: s.whatsapp.net 0xa5 => resource 0xfc => String 12caracteres => iPhone-2.10.2-5222 <stream:stream to=”s.whatsapp.net” resource=”iPhone-2.10.2-5222” /> f8:02:bb => 0xbb => stream:features f8:04 f8:03:70:31:ca => 0x70 => message_acks f8:01:9c => 0x9c => receipt_acks f8:03:e4:cb:0c => 0xe4 => w:profile:picture f8:03:b9:7c:ca => 0xb9 => status <stream:features> <message_acks enable=TRUE /> <receipt_acks /> <w:profile:picture type=ALL /> <status notification=TRUE /> </stream:features> 0x31 => enable 0xca => TRUE 0xcb => type 0x7c => notification 0x0c => all 0xca => TRUE f8:08:10:6d:ec:da:fc:0b:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X:e8:cf 0x10 => auth 0x6d => mechanism 0xec => WAUTH-1  user => 34XXXXXXXXX 0x31 => enable 0xe8 => xmlns 0xcf => urn:ietf:params:xml:ns:xmpp-sasl <auth mechanism=”WAUTH-1” user=”XXXXXXXXXXX” xmlns=”urn:ietf:params:xml:ns:xmpp-sasl” /> Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy LOGGING  IN  ON  A  NEW  DEVICE 1) WhatsApp will send the user’s phone number to servers, through HTTPS, requesting an authentication code 2) The mobile phone receives, through text message, the authentication code 3) This authentication code is sent and compared, and if matches, WhatsApp obtains the password ! - To log in, the client uses a custom SASL mechanism, called WAUTH-1. First, the client sends: ! <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" user="XXXXXXXXXXXX" mechanism="WAUTH-1" /> - Server will answer with a challenge: ! <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">YYYYYYYYYYYYYYYYYYYY </challenge> - To respond the challenge, the client will generate a key using PKBDF2 with user’s password, challenge as salt and SHA1 as hash function. Only 20 bytes from result will be used as key <phone number> || <20 bytes> || UNIX timestamp: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">ZZZZZZZZZZZZZ</response> Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy ARE  MY  MESSAGES  SECURE  ? - RC4, the most widely used software stream cipher and is used in popular protocols such as Transport Layer Security (TLS) and WEP, was designed by Ron Rivest of RSA Security in 1987 ! - RC4 has two stages - a KSA, that initializes the state table to be a "random" permutation based on the key, and the PRGA, which actually returns a random byte. ¿ Where is the problem ? Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy From the creators of: - Don't run with scissors - Don't run near the pool - Don't run near the pool while carrying scissors ! ! Now comes: DON’T re-use the same RC4 keystream to encrypt two different messages Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy EVERY  TIME  ALICE  ENCRYPTS  A  MESSAGE ,  GOD  KILLS  A  KITTEN  ... Suppose Alice wants to send encryptions of m1 and m2 to Bob over a public channel. Alice and Bob have a shared key k; however, both messages are the same length as the key k. Since Alice is extraordinary lazy (and doesn't know about stream ciphers), she decides to just reuse the key. ! Alice sends ciphertexts c1 = m1 ⊕ k and c2 = m2 ⊕ k to Bob through a public channel. Unfortunately, Eve intercepts both of these ciphertexts and calculates c1 ⊕ c2= m1 ⊕ m2. c1 = m1 ⊕ k c2 = m2 ⊕ k m1 = c1 ⊕ k m2 = c2 ⊕ k REUSED KEY ATTACK c1 ⊕ c2 = m1 ⊕ m2 Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy ATTACKING  WHATSAPP’S  ENCRYPTION - From here, the task becomes separating the two plaintexts from one another (plaintext attack or Crib-Dragging), following the steps bellow: 1) Guess a word that might appear in one of the messages 2) Encode the word from step 1 to a hex string 3) XOR the two cipher-text messages 4) XOR the hex string from step 2 at each position of the XOR of the two cipher-texts (from step 3) 5) When the result from step 4 is readable text, we guess the English word and expand our crib search. 6) If the result is not readable text, we try an XOR of the crib word at the next position. ! - To do this, we have to do a little guessing about the plaintexts themselves. ! - The idea is to use a Frecuency Analysis based on the original language used in the plaintext. Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy "WhatsApp takes security seriously and is continually thinking of ways to improve our product. While we appreciate feedback, we're concerned that the blogger's story describes a scenario that is more theoretical in nature. Also stating that all conversations should be considered compromised is inaccurate" the company said. Official response to https://blog.thijsalkema.de/blog/2013/10/08/piercing-through-whatsapp-s-encryption/ WTF! Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy -­‐  DEMO  -­‐ Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy ANONYMITY Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy VIRTUAL  NUMBERS Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy ADDITIONAL   ENCRYPTION Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy INTERCEPT  MESSAGES - We have verified that the encryption used to protect the information and privacy of our conversations is easy to break. ! - ¿What can we do? We will intercept WhatsApp's message before you leaving the mobile phone. We'll decipher the original message with our key and we will apply a new cipher and then encrypt it with the original algorithm and key, not breaking the application. ! - From now on, we’ll be working this way: REAL-TIME MODIFICATION Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy CHALLENGE  AND  iOS - In iOS version we’ll use a little trick to get the challenge. Instead of exchanging it during the login, WhatsApp sends the challenge for the next session while connected. ! - We’ll flip some random bytes, forcing WhatsApp to negotiate it again: - The result for the log in of the second mobile is the same: Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy SENDING  MESSAGES - The message is sent from the client. Our program detects it, and using the RC4 session key used by WhatsApp, decrypts the message and extracts text. Once the text is clear, encrypts it with our algorithm and key, and re-wrap it in the original format with RC4 encryption it again, not breaking the operation of WhatsApp: - You can see how our program has decoded the original message: Bello ! - HMAC is deleted in the decoded message and we calculate it again before sending. Finally, the message will leave our mobile phone. We can see that the new message is different from the original because is has a layer encryption implemented by us: HMAC Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy RECEIVING  MESSAGES - In the screenshot you can see how we received an normal WhatsApp message, but it’s really special. When we use the RC4 key to decrypt the text inside, we find is completely unreadable. - Using the same private key and algorithm, our program will decrypt the message text and reassemble the original text, so WhatsApp will be able to process it. ! ! - The final message can be read as usually by the user, and it’s the same as the first one: Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy -­‐  DEMO  -­‐ Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy WITHOUT  PRIVATE  KEY Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy EXTERNAL   XMPP  SERVER Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy HIDING  OUR  MESSAGES - The above method allows us to encrypt our messages, so other attackers capable of intercepting our traffic will not be able to get the contents of messages. ! - But, ¿ what if we want the traffic to directly bypass the WhatsApp's server ? EXTERNAL XMPP SERVER Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy USING  AN  EXTERNAL  XMPP  SERVER - We analyze the outgoing message and decrypt it using the RC4 key. ! - Then, we extract the original text and send it to our external XMPP server: <destination number>¿<message_id>¿<original text> - The program will replace every character in the original text with our wildcard character, so the original message will never pass through WhatsApp's servers (this step is necessary or destination will reject our messages) ! - Recipient receives our message full of wildcard characters, querys our XMPP server and replaces the wildcard characters with the original text. Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy -­‐  DEMO  -­‐ Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy WHATSAPP  CAN  ONLY  SEE  ... Black Hat Sao Paulo NoConName 2013
Defeating WhatsApp’s Lack of Privacy Black Hat Sao Paulo NoConName 2013

Recommended

Architecture - Exploring a Discipline
Architecture - Exploring a DisciplineArchitecture - Exploring a Discipline
Architecture - Exploring a Disciplinepravbs
 
Realtime communication in mobile
Realtime communication in mobileRealtime communication in mobile
Realtime communication in mobilegirish_fingent
 
Whatsapp's Architecture
Whatsapp's ArchitectureWhatsapp's Architecture
Whatsapp's ArchitectureUdaya Kiran
 
Internet Trainng Centre in Ambala! BATRA COMPUTER CENTRE
Internet Trainng Centre in Ambala! BATRA COMPUTER CENTREInternet Trainng Centre in Ambala! BATRA COMPUTER CENTRE
Internet Trainng Centre in Ambala! BATRA COMPUTER CENTREjatin batra
 
Defcon9 Presentation2001
Defcon9 Presentation2001Defcon9 Presentation2001
Defcon9 Presentation2001Miguel Ibarra
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Protect your website
Protect your websiteProtect your website
Protect your websiteMuthu Natarajan
 
Tingenes internett for finn.no tech day
Tingenes internett for finn.no tech day Tingenes internett for finn.no tech day
Tingenes internett for finn.no tech day Simen Sommerfeldt
 

Recommended

Architecture - Exploring a Discipline
Architecture - Exploring a DisciplineArchitecture - Exploring a Discipline
Architecture - Exploring a Disciplinepravbs
 
Realtime communication in mobile
Realtime communication in mobileRealtime communication in mobile
Realtime communication in mobilegirish_fingent
 
Whatsapp's Architecture
Whatsapp's ArchitectureWhatsapp's Architecture
Whatsapp's ArchitectureUdaya Kiran
 
Internet Trainng Centre in Ambala! BATRA COMPUTER CENTRE
Internet Trainng Centre in Ambala! BATRA COMPUTER CENTREInternet Trainng Centre in Ambala! BATRA COMPUTER CENTRE
Internet Trainng Centre in Ambala! BATRA COMPUTER CENTREjatin batra
 
Defcon9 Presentation2001
Defcon9 Presentation2001Defcon9 Presentation2001
Defcon9 Presentation2001Miguel Ibarra
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Protect your website
Protect your websiteProtect your website
Protect your websiteMuthu Natarajan
 
Tingenes internett for finn.no tech day
Tingenes internett for finn.no tech day Tingenes internett for finn.no tech day
Tingenes internett for finn.no tech day Simen Sommerfeldt
 
Confraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityConfraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityVitor Domingos
 
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...Jaime Sánchez
 
Whatsapp-An innovative way of networking
Whatsapp-An innovative way of networkingWhatsapp-An innovative way of networking
Whatsapp-An innovative way of networkingSamrat Sikri
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trumpMAXfocus
 
Communication security 2021
Communication security 2021Communication security 2021
Communication security 2021MuhammadusmanRana10
 
Is whatsapp safe
Is whatsapp safeIs whatsapp safe
Is whatsapp safessuser1eca7d
 
Review on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integrationReview on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integrationGovindarrajan NV
 
IoT Deep Dive - Be an IoT Developer for an Hour
IoT Deep Dive - Be an IoT Developer for an HourIoT Deep Dive - Be an IoT Developer for an Hour
IoT Deep Dive - Be an IoT Developer for an HourTaisuke Yamada
 
Relações Conversacionais
Relações ConversacionaisRelações Conversacionais
Relações ConversacionaisLéo Xavier
 
What's New with Windows Phone - FoxCon Talk
What's New with Windows Phone - FoxCon TalkWhat's New with Windows Phone - FoxCon Talk
What's New with Windows Phone - FoxCon TalkSam Basu
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepalICT Frame Magazine Pvt. Ltd.
 
NWSLTR_Volume5_Issue2
NWSLTR_Volume5_Issue2NWSLTR_Volume5_Issue2
NWSLTR_Volume5_Issue2Charles Klondike
 
Fuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiFuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiRahul Sasi
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
Vozmob Nokiaday
Vozmob NokiadayVozmob Nokiaday
Vozmob Nokiadayfbar
 
Onubha brochure
Onubha brochureOnubha brochure
Onubha brochureOlsen Song
 
Azure & WP7 at GRDevDay
Azure & WP7 at GRDevDayAzure & WP7 at GRDevDay
Azure & WP7 at GRDevDaySam Basu
 
Kipokezi app framework
Kipokezi app frameworkKipokezi app framework
Kipokezi app frameworkFMNA
 
Etxt app framework
Etxt app frameworkEtxt app framework
Etxt app frameworkFMNA
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network securityBev Robb
 
La problemática de la identificación de los participantes en las plataformas ...
La problemática de la identificación de los participantes en las plataformas ...La problemática de la identificación de los participantes en las plataformas ...
La problemática de la identificación de los participantes en las plataformas ...Jaime Sánchez
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameJaime Sánchez
 

More Related Content

Similar to Defeating WhatsApp’s Lack of Encryption - BH Sao Paulo 2013

Confraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityConfraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityVitor Domingos
 
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...Jaime Sánchez
 
Whatsapp-An innovative way of networking
Whatsapp-An innovative way of networkingWhatsapp-An innovative way of networking
Whatsapp-An innovative way of networkingSamrat Sikri
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trumpMAXfocus
 
Review on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integrationReview on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integrationGovindarrajan NV
 
IoT Deep Dive - Be an IoT Developer for an Hour
IoT Deep Dive - Be an IoT Developer for an HourIoT Deep Dive - Be an IoT Developer for an Hour
IoT Deep Dive - Be an IoT Developer for an HourTaisuke Yamada
 
Relações Conversacionais
Relações ConversacionaisRelações Conversacionais
Relações ConversacionaisLéo Xavier
 
What's New with Windows Phone - FoxCon Talk
What's New with Windows Phone - FoxCon TalkWhat's New with Windows Phone - FoxCon Talk
What's New with Windows Phone - FoxCon TalkSam Basu
 
Fuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiFuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiRahul Sasi
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
Vozmob Nokiaday
Vozmob NokiadayVozmob Nokiaday
Vozmob Nokiadayfbar
 
Onubha brochure
Onubha brochureOnubha brochure
Onubha brochureOlsen Song
 
Azure & WP7 at GRDevDay
Azure & WP7 at GRDevDayAzure & WP7 at GRDevDay
Azure & WP7 at GRDevDaySam Basu
 
Kipokezi app framework
Kipokezi app frameworkKipokezi app framework
Kipokezi app frameworkFMNA
 
Etxt app framework
Etxt app frameworkEtxt app framework
Etxt app frameworkFMNA
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network securityBev Robb
 

Similar to Defeating WhatsApp’s Lack of Encryption - BH Sao Paulo 2013 (20)

Confraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityConfraria Security & IT - Mobile Security
Confraria Security & IT - Mobile Security
 
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan...
 
Whatsapp-An innovative way of networking
Whatsapp-An innovative way of networkingWhatsapp-An innovative way of networking
Whatsapp-An innovative way of networking
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trump
 
Communication security 2021
Communication security 2021Communication security 2021
Communication security 2021
 
Is whatsapp safe
Is whatsapp safeIs whatsapp safe
Is whatsapp safe
 
Review on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integrationReview on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integration
 
IoT Deep Dive - Be an IoT Developer for an Hour
IoT Deep Dive - Be an IoT Developer for an HourIoT Deep Dive - Be an IoT Developer for an Hour
IoT Deep Dive - Be an IoT Developer for an Hour
 
Relações Conversacionais
Relações ConversacionaisRelações Conversacionais
Relações Conversacionais
 
What's New with Windows Phone - FoxCon Talk
What's New with Windows Phone - FoxCon TalkWhat's New with Windows Phone - FoxCon Talk
What's New with Windows Phone - FoxCon Talk
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
NWSLTR_Volume5_Issue2
NWSLTR_Volume5_Issue2NWSLTR_Volume5_Issue2
NWSLTR_Volume5_Issue2
 
Fuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiFuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasi
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 
Vozmob Nokiaday
Vozmob NokiadayVozmob Nokiaday
Vozmob Nokiaday
 
Onubha brochure
Onubha brochureOnubha brochure
Onubha brochure
 
Azure & WP7 at GRDevDay
Azure & WP7 at GRDevDayAzure & WP7 at GRDevDay
Azure & WP7 at GRDevDay
 
Kipokezi app framework
Kipokezi app frameworkKipokezi app framework
Kipokezi app framework
 
Etxt app framework
Etxt app frameworkEtxt app framework
Etxt app framework
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network security
 

More from Jaime Sánchez

La problemática de la identificación de los participantes en las plataformas ...
La problemática de la identificación de los participantes en las plataformas ...La problemática de la identificación de los participantes en las plataformas ...
La problemática de la identificación de los participantes en las plataformas ...Jaime Sánchez
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameJaime Sánchez
 
I Know Your P4$$w0rd (And If I Don't, I Will Guess It...)
I Know Your P4$$w0rd (And If I Don't, I Will Guess It...)I Know Your P4$$w0rd (And If I Don't, I Will Guess It...)
I Know Your P4$$w0rd (And If I Don't, I Will Guess It...)Jaime Sánchez
 
(In)Seguridad y Ataques de Mensajería Instantánea en Entornos Corporativos - ...
(In)Seguridad y Ataques de Mensajería Instantánea en Entornos Corporativos - ...(In)Seguridad y Ataques de Mensajería Instantánea en Entornos Corporativos - ...
(In)Seguridad y Ataques de Mensajería Instantánea en Entornos Corporativos - ...Jaime Sánchez
 
Whatsapp: mentiras y cintas de video RootedCON 2014
Whatsapp: mentiras y cintas de video RootedCON 2014Whatsapp: mentiras y cintas de video RootedCON 2014
Whatsapp: mentiras y cintas de video RootedCON 2014Jaime Sánchez
 
Plataformas de mensajería y riesgos asociados: caso WhatsApp
Plataformas de mensajería y riesgos asociados: caso WhatsAppPlataformas de mensajería y riesgos asociados: caso WhatsApp
Plataformas de mensajería y riesgos asociados: caso WhatsAppJaime Sánchez
 
AndroIDS: Mobile Security Reloaded
AndroIDS: Mobile Security ReloadedAndroIDS: Mobile Security Reloaded
AndroIDS: Mobile Security ReloadedJaime Sánchez
 
Defeating WhatsApp’s Lack of Privacy
Defeating WhatsApp’s Lack of PrivacyDefeating WhatsApp’s Lack of Privacy
Defeating WhatsApp’s Lack of PrivacyJaime Sánchez
 
Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0Jaime Sánchez
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13Jaime Sánchez
 
Seguridad con la Pila TCP/IP
Seguridad con la Pila TCP/IPSeguridad con la Pila TCP/IP
Seguridad con la Pila TCP/IPJaime Sánchez
 
From Kernel Space to User Heaven
From Kernel Space to User HeavenFrom Kernel Space to User Heaven
From Kernel Space to User HeavenJaime Sánchez
 

More from Jaime Sánchez (12)

La problemática de la identificación de los participantes en las plataformas ...
La problemática de la identificación de los participantes en las plataformas ...La problemática de la identificación de los participantes en las plataformas ...
La problemática de la identificación de los participantes en las plataformas ...
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse game
 
I Know Your P4$$w0rd (And If I Don't, I Will Guess It...)
I Know Your P4$$w0rd (And If I Don't, I Will Guess It...)I Know Your P4$$w0rd (And If I Don't, I Will Guess It...)
I Know Your P4$$w0rd (And If I Don't, I Will Guess It...)
 
(In)Seguridad y Ataques de Mensajería Instantánea en Entornos Corporativos - ...
(In)Seguridad y Ataques de Mensajería Instantánea en Entornos Corporativos - ...(In)Seguridad y Ataques de Mensajería Instantánea en Entornos Corporativos - ...
(In)Seguridad y Ataques de Mensajería Instantánea en Entornos Corporativos - ...
 
Whatsapp: mentiras y cintas de video RootedCON 2014
Whatsapp: mentiras y cintas de video RootedCON 2014Whatsapp: mentiras y cintas de video RootedCON 2014
Whatsapp: mentiras y cintas de video RootedCON 2014
 
Plataformas de mensajería y riesgos asociados: caso WhatsApp
Plataformas de mensajería y riesgos asociados: caso WhatsAppPlataformas de mensajería y riesgos asociados: caso WhatsApp
Plataformas de mensajería y riesgos asociados: caso WhatsApp
 
AndroIDS: Mobile Security Reloaded
AndroIDS: Mobile Security ReloadedAndroIDS: Mobile Security Reloaded
AndroIDS: Mobile Security Reloaded
 
Defeating WhatsApp’s Lack of Privacy
Defeating WhatsApp’s Lack of PrivacyDefeating WhatsApp’s Lack of Privacy
Defeating WhatsApp’s Lack of Privacy
 
Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13
 
Seguridad con la Pila TCP/IP
Seguridad con la Pila TCP/IPSeguridad con la Pila TCP/IP
Seguridad con la Pila TCP/IP
 
From Kernel Space to User Heaven
From Kernel Space to User HeavenFrom Kernel Space to User Heaven
From Kernel Space to User Heaven
 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Defeating WhatsApp’s Lack of Encryption - BH Sao Paulo 2013

  • 1. `
  • 3. Defeating WhatsApp’s Lack of Privacy WHO  WE  ARE Jaime Sánchez - Computer Engineer & Security Researcher - Executive MBA, CISSP, CISA and CISM - Speaker at Rootedcon, Nuit du Hack, BH Arsenal, Defcon, DerbyCon, NoConName, DeepSec etc. - Twitter: @segofensiva - http://www.seguridadofensiva.com ! ! Pablo San Emeterio - Computer Engineer / I+D Optenet - Master of Science in Computer Security by UPM, CISA and CISM - Speaker at NoConName and CiberSeg - Previous experience with WhatsApp :) - Twitter: @psaneme Black Hat Sao Paulo
  • 4. Defeating WhatsApp’s Lack of Privacy CONGRATS  PABLO!  :) Black Hat Sao Paulo NoConName 2013
  • 5. Defeating WhatsApp’s Lack of Privacy ¿  WHAT  IS  WHATSAPP  ? - WhatsApp is a cross-platform (no desktop clients) instant messaging subscription ser vice for smartphones, that let users send messages and multimedia files to each other. ! - Because it uses your internet data plan and there's no additional cost for these messages, it's mostly used young people. ! - Was founded in 2009 by American Brian Acton and Ukrainian Jan Koum (also the CEO), both former employees of Yahoo!, and is based in Santa Clara, California. ! - WhatsApp might not be as widely known as Twitter, but it is definitely just as popular in terms of users. Black Hat Sao Paulo NoConName 2013
  • 6. Defeating WhatsApp’s Lack of Privacy USERS  STATS It’s interesting to compare that stat to Twitter, which has 230 million active monthly users, and to Instagram, which has 150 million on its platform. Black Hat Sao Paulo NoConName 2013
  • 7. Defeating WhatsApp’s Lack of Privacy MESSAGE  STATS Black Hat Sao Paulo NoConName 2013
  • 8. Defeating WhatsApp’s Lack of Privacy Just how much is 10 billion messages? 416,666,670 messages an hour 6,944,440 messages a minute 115,704 messages a second - WhatsApp has done to SMS on mobile phones what Skype did to international calling on landlines! Black Hat Sao Paulo NoConName 2013
  • 9. Defeating WhatsApp’s Lack of Privacy NEW  ARCHITECTURE Hardware Specs - Dual octo-core E5-2690 (32 logical CPUs) - 256GB RAM (128GB for A/V hosts) - 6 x 800GB SSD (4TB SATA for A/V hosts) - 2 x dual link-agg gig-E (public, private) ! New features - Resumable uploads and downloads - Reference counting Peak Scalability - 214M images in a day - 8.8K images/sec downloaded - 29 Gb/sec output bandwidth ! Holiday Week Black Hat Sao Paulo NoConName 2013
  • 10. Defeating WhatsApp’s Lack of Privacy SECURITY  FLAWS - WhatsApp communications were not encrypted, and data was sent and received in plaintext, meaning messages to easily be read if packet traces are available (WhatsApp Sniffer) ! - WhatsApp began using IMEI numbers and MAC addresses as passwords. ! - Remote storage of virus, programs, html etc. on WhatsApp servers ! - Critical flaw lead to control any account (modify account, send and receive messages etc.) ! - Data stored in plaintext on database ! - An unknown hacker published a website (WhatsAppStatus.net) that made it possible to change the status of an arbitrary WhatsApp user, as long as the phone number was known. (To make it work, it only required a restart of the app) Black Hat Sao Paulo NoConName 2013
  • 11. Defeating WhatsApp’s Lack of Privacy MORE  SECURITY  FLAWS - On January 13, 2012, WhatsApp was pulled from the iOS App Store, and the reason was not disclosed. The app was added back to the App Store four days later ! - Priyanka appeared spreading on Whatsapp through a contacts file that if you add to your contacts. ! - WhatsApp Voyeur: allows you to view the profile picture and current "Status" of every user without using a mobile phone or registered account ! - No authorization required to send messages, so any user can contact you or any custom designed bot could be created to send you spam. ! - Serious WhatsApp flaw allows decrypting user messages ! ! ! - This is what we know so far ... Black Hat Sao Paulo NoConName 2013
  • 12. Defeating WhatsApp’s Lack of Privacy BLOCKING - Saudi Arabia plans to block Internet-based communication tool WhatsApp within weeks if the U.S.-based firm fails to comply with requirements set by the kingdom's telecom regulator, local newspapers reported this week. ! - This month the Communications and Information Technology Commission (CITC) banned Viber, another such tool, which like WhatsApp is hard for the state to monitor and deprives telecom companies of revenue from international calls and texts. http://www.reuters.com/article/2013/06/16/ussaudi-internet-idUSBRE95F04R20130616 ! - The regulator issued a directive saying tools such as Viber, WhatsApp and Skype broke local laws, without specifying how. Black Hat Sao Paulo NoConName 2013
  • 13. Defeating WhatsApp’s Lack of Privacy SURVEILLANCE - Repor ts and documents leaked by Edward Snowden in June 2013 indicate that PRISM is used for monitoring communications and other stored information. ! - The data that the NSA is supposedly able to get by PRISM includes email, video, voice chat, photos, IP addresses, login notifications, file transfer and details about social networking profiles. ! - Internet companies such as Microsoft, Google, Yahoo, Dropbox, Apple and Facebook are inside the program. ! - The objectives of the PRISM program are those citizens living outside the United States, but U.S. citizens are included too. Black Hat Sao Paulo NoConName 2013
  • 14. Defeating WhatsApp’s Lack of Privacy ¿ Could WhatsApp be one of these companies ? The NSA infected more than 50,000 computers worldwide with malicious software designed to steal confidential information. Some countries affected are Venezuela, Bolivia, Brazil, Ecuador, Cuba, Colombia and Honduras, among others. The attacks are performed by a special department called Tailored Access Operations (TAO), which has more than a thousand hackers. Black Hat Sao Paulo NoConName 2013
  • 15. Defeating WhatsApp’s Lack of Privacy THE  IDEA Black Hat Sao Paulo NoConName 2013
  • 16. Defeating WhatsApp’s Lack of Privacy GOALS - The main objective of the research is to add a new layer of security and privacy to ensure that in the exchange of messages between members of a conversation both the integrity and confidentiality could not be affected by an external attacker: - Add secure encryption to the client. If an attacker intercepts the messages, or any governments try to intercept our messages at WhatsApp's server , they won't find any legible information. - Give a certain level of anonymity to the conversation by using fake/anonymous accounts and intermediate communication nodes. - Modify the inner workings of the application, routing all tr affic and conversation messages to own server (XMPP). Black Hat Sao Paulo NoConName 2013
  • 17. Defeating WhatsApp’s Lack of Privacy GOALS - This technique has been developed to be used in a manner completely transparent to the users. ! - The software works for all WhatsApp’s platforms: we have developed a Linux-based solution (it works inside a Raspberry Pi, your laptop computer or you could use a VPN). ! - Could be ported to run inside Android. Black Hat Sao Paulo NoConName 2013
  • 18. Defeating WhatsApp’s Lack of Privacy INSIDE  THE  WORLD  OF   WHATSAPP Black Hat Sao Paulo NoConName 2013
  • 19. Defeating WhatsApp’s Lack of Privacy FUNXMPP - WhatsApp uses a customized version of the open standard eXtensible Messaging and Presence Platform (XMPP), called FunXMPP, that uses XML as its syntax.. ! - Without going into technical details, it is a messaging protocol that uses XML syntax: ! <message from=”01234567890@s.whatsapp.net”         id=”1339831077-7”         type=”chat”         timestamp=”1339848755”>    <notify xmlns=”urn:xmpp:whatsapp”            name=”NcN” />    <request xmlns=”urn:xmpp:receipts” />    <body>Hello</body> </message> ! - Since WhatsApp is intended for mobile devices, they wanted to use as little overhead as possible. ! - ¿ How did they achieve this ? Black Hat Sao Paulo NoConName 2013
  • 20. Defeating WhatsApp’s Lack of Privacy FUNXMPP - First of all, all keywords are assigned a byte each. If you can replace each by just one byte, it would reduce the overhead a lot. ! - FunXMPP uses a HashTable for this, containing most (if not all) keywords ! - Given the syntax xnn for one byte with the hexadecimal value nn, the example above could be reduced to the following: ! ! <x5d x38=”01234567890@x8a”      x43=”1339831077-7”      xa2=”x1b”      x9d=”1339848755”>   <x65 xbd=”xae”         x61=”NcN” />   <x83 xbd=”xad” />   <x16>Hello</x16> </x5d> - All remaining ascii values cannot be replaced by a representative byte-value, because they are variable/no fixed keywords. Black Hat Sao Paulo NoConName 2013
  • 21. Defeating WhatsApp’s Lack of Privacy BYTES - Byte xfc: This byte signifies a sequence of ascii characters will be used as the value. The length of this sequence can be found in the next byte (max length 255). - Byte xfd: Where xfc reads one byte for the length,xfd reads three bytes. This allows for strings up to a max of 16777215 characters. - Byte xf8 y xf9: Declare the beginning of a list and it is followed by its number of elements and subsequently the content,. The way members are counted is: !   1      2             3 <message from=”01234567890@s.whatsapp.net”          4      5         id=”1339831077-7”           6    7         type=”chat”             8           9         timestamp=”1339848755”>    <notify xmlns=”urn:xmpp:whatsapp”     |            name=”NcN” />                 |  10    <request xmlns=”urn:xmpp:receipts” /> |    <body>Hello</body>                    | </message> Black Hat Sao Paulo NoConName 2013
  • 22. Defeating WhatsApp’s Lack of Privacy 57:41 01:02 => => LOGIN WA PROTOCOL VERSION 1.2 f8:05:01:c8:ab:a5:fc:12:69:50:68:6f:6e:65:2d:32:2e:31:30:2e:32:2d:35:32:32:32:00:00 0x01 => stream:stream 0xc8 => to 0xab: s.whatsapp.net 0xa5 => resource 0xfc => String 12caracteres => iPhone-2.10.2-5222 <stream:stream to=”s.whatsapp.net” resource=”iPhone-2.10.2-5222” /> f8:02:bb => 0xbb => stream:features f8:04 f8:03:70:31:ca => 0x70 => message_acks f8:01:9c => 0x9c => receipt_acks f8:03:e4:cb:0c => 0xe4 => w:profile:picture f8:03:b9:7c:ca => 0xb9 => status <stream:features> <message_acks enable=TRUE /> <receipt_acks /> <w:profile:picture type=ALL /> <status notification=TRUE /> </stream:features> 0x31 => enable 0xca => TRUE 0xcb => type 0x7c => notification 0x0c => all 0xca => TRUE f8:08:10:6d:ec:da:fc:0b:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X:e8:cf 0x10 => auth 0x6d => mechanism 0xec => WAUTH-1  user => 34XXXXXXXXX 0x31 => enable 0xe8 => xmlns 0xcf => urn:ietf:params:xml:ns:xmpp-sasl <auth mechanism=”WAUTH-1” user=”XXXXXXXXXXX” xmlns=”urn:ietf:params:xml:ns:xmpp-sasl” /> Black Hat Sao Paulo NoConName 2013
  • 23. Defeating WhatsApp’s Lack of Privacy LOGGING  IN  ON  A  NEW  DEVICE 1) WhatsApp will send the user’s phone number to servers, through HTTPS, requesting an authentication code 2) The mobile phone receives, through text message, the authentication code 3) This authentication code is sent and compared, and if matches, WhatsApp obtains the password ! - To log in, the client uses a custom SASL mechanism, called WAUTH-1. First, the client sends: ! <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" user="XXXXXXXXXXXX" mechanism="WAUTH-1" /> - Server will answer with a challenge: ! <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">YYYYYYYYYYYYYYYYYYYY </challenge> - To respond the challenge, the client will generate a key using PKBDF2 with user’s password, challenge as salt and SHA1 as hash function. Only 20 bytes from result will be used as key <phone number> || <20 bytes> || UNIX timestamp: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">ZZZZZZZZZZZZZ</response> Black Hat Sao Paulo NoConName 2013
  • 24. Defeating WhatsApp’s Lack of Privacy ARE  MY  MESSAGES  SECURE  ? - RC4, the most widely used software stream cipher and is used in popular protocols such as Transport Layer Security (TLS) and WEP, was designed by Ron Rivest of RSA Security in 1987 ! - RC4 has two stages - a KSA, that initializes the state table to be a "random" permutation based on the key, and the PRGA, which actually returns a random byte. ¿ Where is the problem ? Black Hat Sao Paulo NoConName 2013
  • 25. Defeating WhatsApp’s Lack of Privacy From the creators of: - Don't run with scissors - Don't run near the pool - Don't run near the pool while carrying scissors ! ! Now comes: DON’T re-use the same RC4 keystream to encrypt two different messages Black Hat Sao Paulo NoConName 2013
  • 26. Defeating WhatsApp’s Lack of Privacy EVERY  TIME  ALICE  ENCRYPTS  A  MESSAGE ,  GOD  KILLS  A  KITTEN  ... Suppose Alice wants to send encryptions of m1 and m2 to Bob over a public channel. Alice and Bob have a shared key k; however, both messages are the same length as the key k. Since Alice is extraordinary lazy (and doesn't know about stream ciphers), she decides to just reuse the key. ! Alice sends ciphertexts c1 = m1 ⊕ k and c2 = m2 ⊕ k to Bob through a public channel. Unfortunately, Eve intercepts both of these ciphertexts and calculates c1 ⊕ c2= m1 ⊕ m2. c1 = m1 ⊕ k c2 = m2 ⊕ k m1 = c1 ⊕ k m2 = c2 ⊕ k REUSED KEY ATTACK c1 ⊕ c2 = m1 ⊕ m2 Black Hat Sao Paulo NoConName 2013
  • 27. Defeating WhatsApp’s Lack of Privacy ATTACKING  WHATSAPP’S  ENCRYPTION - From here, the task becomes separating the two plaintexts from one another (plaintext attack or Crib-Dragging), following the steps bellow: 1) Guess a word that might appear in one of the messages 2) Encode the word from step 1 to a hex string 3) XOR the two cipher-text messages 4) XOR the hex string from step 2 at each position of the XOR of the two cipher-texts (from step 3) 5) When the result from step 4 is readable text, we guess the English word and expand our crib search. 6) If the result is not readable text, we try an XOR of the crib word at the next position. ! - To do this, we have to do a little guessing about the plaintexts themselves. ! - The idea is to use a Frecuency Analysis based on the original language used in the plaintext. Black Hat Sao Paulo NoConName 2013
  • 28. Defeating WhatsApp’s Lack of Privacy Black Hat Sao Paulo NoConName 2013
  • 29. Defeating WhatsApp’s Lack of Privacy "WhatsApp takes security seriously and is continually thinking of ways to improve our product. While we appreciate feedback, we're concerned that the blogger's story describes a scenario that is more theoretical in nature. Also stating that all conversations should be considered compromised is inaccurate" the company said. Official response to https://blog.thijsalkema.de/blog/2013/10/08/piercing-through-whatsapp-s-encryption/ WTF! Black Hat Sao Paulo NoConName 2013
  • 30. Defeating WhatsApp’s Lack of Privacy -­‐  DEMO  -­‐ Black Hat Sao Paulo NoConName 2013
  • 31. Defeating WhatsApp’s Lack of Privacy ANONYMITY Black Hat Sao Paulo NoConName 2013
  • 32. Defeating WhatsApp’s Lack of Privacy VIRTUAL  NUMBERS Black Hat Sao Paulo NoConName 2013
  • 33. Defeating WhatsApp’s Lack of Privacy ADDITIONAL   ENCRYPTION Black Hat Sao Paulo NoConName 2013
  • 34. Defeating WhatsApp’s Lack of Privacy INTERCEPT  MESSAGES - We have verified that the encryption used to protect the information and privacy of our conversations is easy to break. ! - ¿What can we do? We will intercept WhatsApp's message before you leaving the mobile phone. We'll decipher the original message with our key and we will apply a new cipher and then encrypt it with the original algorithm and key, not breaking the application. ! - From now on, we’ll be working this way: REAL-TIME MODIFICATION Black Hat Sao Paulo NoConName 2013
  • 35. Defeating WhatsApp’s Lack of Privacy CHALLENGE  AND  iOS - In iOS version we’ll use a little trick to get the challenge. Instead of exchanging it during the login, WhatsApp sends the challenge for the next session while connected. ! - We’ll flip some random bytes, forcing WhatsApp to negotiate it again: - The result for the log in of the second mobile is the same: Black Hat Sao Paulo NoConName 2013
  • 36. Defeating WhatsApp’s Lack of Privacy SENDING  MESSAGES - The message is sent from the client. Our program detects it, and using the RC4 session key used by WhatsApp, decrypts the message and extracts text. Once the text is clear, encrypts it with our algorithm and key, and re-wrap it in the original format with RC4 encryption it again, not breaking the operation of WhatsApp: - You can see how our program has decoded the original message: Bello ! - HMAC is deleted in the decoded message and we calculate it again before sending. Finally, the message will leave our mobile phone. We can see that the new message is different from the original because is has a layer encryption implemented by us: HMAC Black Hat Sao Paulo NoConName 2013
  • 37. Defeating WhatsApp’s Lack of Privacy RECEIVING  MESSAGES - In the screenshot you can see how we received an normal WhatsApp message, but it’s really special. When we use the RC4 key to decrypt the text inside, we find is completely unreadable. - Using the same private key and algorithm, our program will decrypt the message text and reassemble the original text, so WhatsApp will be able to process it. ! ! - The final message can be read as usually by the user, and it’s the same as the first one: Black Hat Sao Paulo NoConName 2013
  • 38. Defeating WhatsApp’s Lack of Privacy -­‐  DEMO  -­‐ Black Hat Sao Paulo NoConName 2013
  • 39. Defeating WhatsApp’s Lack of Privacy WITHOUT  PRIVATE  KEY Black Hat Sao Paulo NoConName 2013
  • 40. Defeating WhatsApp’s Lack of Privacy EXTERNAL   XMPP  SERVER Black Hat Sao Paulo NoConName 2013
  • 41. Defeating WhatsApp’s Lack of Privacy HIDING  OUR  MESSAGES - The above method allows us to encrypt our messages, so other attackers capable of intercepting our traffic will not be able to get the contents of messages. ! - But, ¿ what if we want the traffic to directly bypass the WhatsApp's server ? EXTERNAL XMPP SERVER Black Hat Sao Paulo NoConName 2013
  • 42. Defeating WhatsApp’s Lack of Privacy USING  AN  EXTERNAL  XMPP  SERVER - We analyze the outgoing message and decrypt it using the RC4 key. ! - Then, we extract the original text and send it to our external XMPP server: <destination number>¿<message_id>¿<original text> - The program will replace every character in the original text with our wildcard character, so the original message will never pass through WhatsApp's servers (this step is necessary or destination will reject our messages) ! - Recipient receives our message full of wildcard characters, querys our XMPP server and replaces the wildcard characters with the original text. Black Hat Sao Paulo NoConName 2013
  • 43. Defeating WhatsApp’s Lack of Privacy -­‐  DEMO  -­‐ Black Hat Sao Paulo NoConName 2013
  • 44. Defeating WhatsApp’s Lack of Privacy WHATSAPP  CAN  ONLY  SEE  ... Black Hat Sao Paulo NoConName 2013
  • 45. Defeating WhatsApp’s Lack of Privacy Black Hat Sao Paulo NoConName 2013