The messenger service WhatsApp no longer has access to the more than 100 billion daily messages on its platform, a comprehensive security test funded by the Swiss National Science Foundation (SNSF) has concluded. One identified weakness can be resolved with a strong password.
This content was published on
3 minutes
Keystone-SDA/ts
Español
es
Una prueba de seguridad de WhatsApp detecta un punto débil
An end-to-end encryption is used to ensure the confidentiality of WhatsApp. However, until recently, the automatic backup of the chats did not offer the same security, according to a statementExternal link by the SNSF. This is because the personal key to the data stored in the cloud was known to the company.
“Backups were safe from everyone apart from WhatsApp itself,” said Julia Hesse, a cryptographer from the IBM Research Institute in Zurich who has received funding from the SNSF.
This could also be why the messenger service launched a new backup protocol at the end of 2021, which Hesse and researchers from the federal technology institute ETH Zurich and the University of Wuppertal in Germany have now examined in detail. The study showed that the company itself is no longer able to access the backups.
The study found that with the new system the copy of the key is no longer stored at the company but on a separate, particularly secure computer to which WhatsApp has no access and whose code cannot be subsequently changed.
If a user loses their smartphone, they can now access the key themselves by entering a password and restore their own chats.
“It’s like the key is stored in a chest that can only be opened with the password,” Hesse said.
The protocol also protects the backup from “brute force” attacks, which keep trying passwords until they find the right one. “Even if a powerful attacker manages to gain control of the WhatsApp servers, the system would only allow them ten attempts, after which the key would be destroyed,” Hesse said. But the data is then lost for the user too.
Password vulnerability
However, the researchers discovered a possible vulnerability: in normal operation mode the system deletes old versions of the backup when a new version is created, such as when changing the password.
“An attack on WhatsApp or elsewhere could result in the old versions being retained, meaning that another ten attempts would be possible for each existing version,” Hesse said. But this loophole can be closed by choosing a strong password. “If, rather than taking their Swiss postcode, the user chooses eight characters with a special character, it doesn’t matter whether the attacker has ten or 200 goes.”
More
More
How a Swiss programme is teaching online privacy to children
This content was published on
Swiss data protection officials say young children should be taught about data security and privacy, before they use the internet.
Bodycams: essential for good law enforcement, or a privacy risk?
Did you ever come across bodycams in your place of residence and if so, how do you think the use of bodycams alter the relationship between the public and (transport) police?
What can be done to protect biodiversity in your country?
Swiss voters are set to decide on a people’s initiative calling for better protection of ecosystems in the country. Have your say on the September 22 vote.
Two dead after glider crash in southern Switzerland
This content was published on
Two people died after their glider crashed in canton Valais on Friday afternoon. The police said the victims were Swiss nationals, aged 72 and 46, who had apparently taken off from canton Aargau.
Scientists alarmed by poor state of biodiversity in Switzerland
This content was published on
Over 100 researchers have sounded the alarm over the state of biodiversity in Switzerland stating that "rapid and effective" measures are needed to strengthen its protection.
Nestle Chair says CEO change was prompted by growth concerns
This content was published on
The abrupt replacement of Nestle SA’s chief executive officer was prompted by worries over the food and beverage company’s growth outlook, Nestlé Chair Paul Bulcke told Swiss newspaper Le Temps.
Four out of five donor hearts for Swiss children come from abroad
This content was published on
Four out of five donor hearts which are transplanted into Swiss children come from outside the Alpine country, according to the director of Swisstransplant.
Climber dies on the Matterhorn in southern Switzerland
This content was published on
A climber died on Thursday after falling with a partner while descending the Matterhorn, near Zermatt, in southern Switzerland. The other mountaineer suffered minor injuries.
This content was published on
The Dalai Lama has arrived in Switzerland for a short visit. Hundreds of Tibetans welcomed him at an airport hotel in Opfikon, near Zurich, on Friday.
Sudan: Swiss among mediators calling for continuous flow of aid
This content was published on
The seven parties, including Switzerland, who led ten days of talks on Sudan in the Geneva region, are calling for the new flow of aid to “continue and accelerate”.
Coo d’état: Basel struggles to enforce pigeon-feeding ban
This content was published on
Police in the Swiss canton of Basel City have issued only eight fines since the ban on pigeon feeding came into force in July 2020.
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.
Read more
More
Switzerland ticks differently with social media laws
This content was published on
Fake news, conspiracy theories, censorship: the reputation of social media seems at an all-time low. Can it ever be a boon for democracy again?
Cyber expert warns of dangers of unregulated social media
This content was published on
Marietje Schaake, president of the Cyber Peace Institute, talks to SWI swissinfo.ch about the unprecedented challenges in our digital era.
You can find an overview of ongoing debates with our journalists here . Please join us!
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.