首页 - 译文学习区 登录 注册
原文:鲁斯•施奈尔(密码员) 2017年1月17日

WhatsApp Security Vulnerability 聊天软件WhatsApp的安全弱点

  • 9263阅读
  • 0
  • 7评论
译者:yuanchan 原文作者:Bruce Schneier
发布:2017-03-17 12:47:29 挑错

WhatsApp Security Vulnerability

Bruce Schneier  

Posted on January 17, 2017

聊天软件WhatsApp的安全弱点

鲁斯•施奈尔(密码员)

2017年1月17日

Back in March, Rolf Weber wrote about a potential vulnerability in the WhatsApp protocol that would allow Facebook to defeat perfect forward secrecy by forcibly change users' keys, allowing it -- or more likely, the government -- to eavesdrop on encrypted messages.

去年3月,罗尔夫•韦伯(Rolf Weber)就WhatsApp中协议的一个潜在安全弱点发文。该协议通过强制性地改变用户密码,允许Facebook攻克完美的前向保密,从而允许Facebook或更有可能是其背后的政府部门窃取加密信息。

It seems that this vulnerability is real:

WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

这个弱点似乎是真实的:

WhatsApp可迫使离线用户生成新的加密密钥,在发件人和收件人不知情的情况下,将并未标记为已发送的任何信息,经发发件人重新加密并再次发送。

The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users' messages.

收件人察觉不到这种密码的更改,而发件人如果已经设置了加密警告才被通知这一更改,且只有在信息重发之后才收到通知。这种重新加密和再发送使得WhatsApp有效拦截和读取用户讯息。

The security loophole was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. He told the Guardian: "If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys."

这一安全漏洞被加州大学伯克利分校的密码和安全研究员拜厄斯•贝尔特(Tobias Boelter,独立安全研究人员)发现。他告诉《卫报》:“如果政府机构要求泄露其信息记录,WhatsApp可因其具有的密钥变化功能,实际上授予政府机构访问权。”

The vulnerability is not inherent to the Signal protocol. Open Whisper Systems' messaging app, Signal, the app used and recommended by whistleblower Edward Snowden, does not suffer from the same vulnerability. If a recipient changes the security key while offline, for instance, a sent message will fail to be delivered and the sender will be notified of the change in security keys without automatically resending the message.

该安全弱点不是Signal protocol固有的。Open Whisper Systems的信息应用程序、Signal及告发者爱德华•斯诺登使用和推荐的应用程序,并没有遭遇同样的安全弱点。例如,收件人在脱机状态下更改安全密钥,信息不能发送成功,而发件人会被通知安全密钥的更改且不会自动重发信息。

WhatsApp's implementation automatically resends an undelivered message with a new key without warning the user in advance or giving them the ability to prevent it.

WhatsApp通过新的密钥自动重发未被送达的信息,不会提前警告用户或使用户有权限阻止这一指令的执行。

Note that it's an attack against current and future messages, and not something that would allow the government to reach into the past. In that way, it is no more troubling than the government hacking your mobile phone and reading your WhatsApp conversations that way.

An unnamed "WhatsApp spokesperson" said that they implemented the encryption this way for usability:

请注意,这是对当前和未来信息的一个攻击,而不是让政府去获取过去的信息。从这个方面来讲,情况比政府窃取你的手机和WhatsAPP的谈话内容更麻烦。  

一位未透露姓名的“WhatsApp发言人”称他们这样实施加密是出于可用性的考虑:

In WhatsApp's implementation of the Signal protocol, we have a "Show Security Notifications" setting (option under Settings > Account > Security) that notifies you when a contact's security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people's messages are delivered, not lost in transit.

在WhatsApp执行Signal 协议时,当联系人的验证码已更改,我们的app会有一项 “显示安全通报”设置(设置里的选项>帐户>安全)通知您。发生这一情形最常见的原因是有人切换了手机或重装了WhatsApp。这是因为世界很多地方的人们经常更换手机或Sim卡。在这些情况下,我们希望确保人们发送的信息被送达,而不至于信息在传送过程中丢失。”

He's technically correct. This is not a backdoor. This really isn't even a flaw. It's a design decision that put usability ahead of security in this particular instance. Moxie Marlinspike, creator of Signal and the code base underlying WhatsApp's encryption, said as much:

从技术上讲,他是正确的。这不是后门,也真的不是缺陷,而是一个设计决定,在特定的情形下,将可用性先于安全性。WhatsApp的加密技术基于Signal协议和代码库,其制定者马林斯帕客(Moxie Marlinspike)也是这样说的:

Under normal circumstances, when communicating with a contact who has recently changed devices or reinstalled WhatsApp, it might be possible to send a message before the sending client discovers that the receiving client has new keys. The recipient's device immediately responds, and asks the sender to reencrypt the message with the recipient's new identity key pair. The sender displays the "safety number has changed" notification, reencrypts the message, and delivers it.

在通常情况下,当跟一位最近换过手机或重装过WhatApp的联系人联系时,在发件客户端发现收件客户端有新的密钥之前,一条信息可能被发出。收件人的手机立即回应,请求发件人采用收件人的身份确认密钥对重新加密信息。发件人显示“密钥已更改”的通知,再次加密信息并发送。

The WhatsApp clients have been carefully designed so that they will not re-encrypt messages that have already been delivered. Once the sending client displays a "double check mark," it can no longer be asked to re-send that message. This prevents anyone who compromises the server from being able to selectively target previously delivered messages for re-encryption.

WhatsApp的客户端已经精心设计,使它们不会再加密已经发送的消息。一旦发送客户端显示“双复选标记”,就不能再发送该消息。这样可以防止任何通过选择性针对之前已发送的信息进行再次加密以攻击客户端的行为。

The fact that WhatsApp handles key changes is not a "backdoor," it is how cryptography works. Any attempt to intercept messages in transmit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system.

WhatsApp在处理密钥更改方面并不存在后门,而正是加密机制的工作原理。任何试图拦截由服务器发送的消息的行为,发送者都能发现。与使用Signal、PGP或任何其他端对端加密信息系统一样。

The only question it might be reasonable to ask is whether these safety number change notifications should be "blocking" or "non-blocking." In other words, when a contact's key changes, should WhatsApp require the user to manually verify the new key before continuing, or should WhatsApp display an advisory notification and continue without blocking the user.

唯一合理的问题是这些密钥的更改通知应为“阻塞式”还是“非租塞式”。换句话说,当联系人的密钥发生改变,WhatsApp应该让用户手动验证新密钥,还是应该只显示一个安全通知,并不阻止用户的下一步操作。

Given the size and scope of WhatsApp's user base, we feel that their choice to display a non-blocking notification is appropriate. It provides transparent and cryptographically guaranteed confidence in the privacy of a user's communication, along with a simple user experience. The choice to make these notifications "blocking" would in some ways make things worse. That would leak information to the server about who has enabled safety number change notifications and who hasn't, effectively telling the server who it could MITM transparently and who it couldn't; something that WhatsApp considered very carefully.

鉴于WhatsApp的用户基础的规模和范围,我们觉得他们的选择显示一个“非阻塞式”通知是合适的。它为用户的通信隐私提供了透明且加密的保证,以及简单的用户体验。选择“阻塞”这些通知,在某些方面会使事情变得更糟。这样会向服务器泄露哪些用户已经收到,而哪些没有收到密钥更改通知,有效地通知服务器,可对哪些用户进行而不能对哪些用户进行中间人攻击。这是WhatsApp仔细考虑过的方面。

How serious this is depends on your threat model. If you are worried about the US government -- or any other government that can pressure Facebook -- snooping on your messages, then this is a small vulnerability. If not, then it's nothing to worry about.

这个问题有多严重取决于你的威胁模型。如果你担心美国政府或任何其他政府可能向Facebook施压,以窥探你的个人信息,那么这是一个小弱点。如果没有,那就没什么好担心的。

Slashdot thread. Hacker News thread. BoingBoing post. More here.

EDITED TO ADD (1/24): Zeynep Tufekci takes the Guardian to task for their reporting on this vulnerability. (Note: I signed on to her letter.)

EDITED TO ADD (2/13): The vulnerability explained by the person who discovered it.

This is a good explanation of the security/usability trade-off that's at issue here.

Tags: backdoors, encryption, Facebook, Signal, usability, vulnerabilities, WhatsApp

Slashdot话题、黑客新闻话题、BoingBoing帖。更多信息。

更多相关信息:

(2月14日)泽奈普•图费克奇(Zeynep Tufekci,普林斯顿大学信息技术政策研究员、科技社会学家)要求《卫报》就有关报道这一安全弱点的事件负责。(我在她的信中签了字。)

(2月13日):发现这一安全弱点的人对此弱点做出的有关解释。

这对这里讨论的有关权衡安全性和可用性的问题是一个不错的解释。

标签:后门、加密、Facebook、Signal、可用性、WhatApp

                                                      


相关译文来自无觅插件
共计7条评论
yuanchan发表于:2017-03-21 11:13:52

更正:Note that it's an attack against current and future messages, and not something that would allow the government to reach into the past. In that way, it is no more troubling than the government hacking your mobile phone and reading your WhatsApp conversations that way.请注意,这对当前和未来未发送成功的信息是一个攻击,对于过去已发送成功的信息,政府是获取不到的。这样,情况和政府窃取你的手机和WhatsAPP的谈话内容一样简单。

回复

yuanchan发表于:2017-03-21 11:14:35

更正:He's technically correct. This is not a backdoor. This really isn't even a flaw. It's a design decision that put usability ahead of security in this particular instance. Moxie Marlinspike, creator of Signal and the code base underlying WhatsApp's encryption, said as much:从技术上讲,他是正确的。这不是后门,也真的不是缺陷,而是一个设计决定,在特定的情形下,将可用性先于安全性。WhatsApp的加密技术基于Signal协议和代码库,其制定者马林斯帕客(Moxie Marlinspike)也是这样说的:

回复

yuanchan发表于:2017-03-21 11:15:49

更正:"double check mark" :“双复选标记”

回复

yuanchan发表于:2017-03-21 11:16:16

更正:This prevents anyone who compromises the server from being able to selectively target previously delivered messages for re-encryption.这样可以防止任何通过选择性针对之前已发送的信息进行再次加密以攻击客户端的行为。

回复

yuanchan发表于:2017-03-21 11:17:04

更正:That would leak information to the server about who has enabled safety number change notifications and who hasn't, effectively telling the server who it could MITM transparently and who it couldn't; something that WhatsApp considered very carefully.这样会向服务器泄露哪些用户已经收到,而哪些没有收到密钥更改通知,有效地通知服务器,可对哪些用户进行而不能对哪些用户进行MITM攻击。这是WhatsApp仔细考虑过的方面。

回复

passerby98发表于:2017-03-21 23:13:01

【信息】messages可用“讯息”或“消息”等,以区别information。

【伯克利市加利福尼亚大学】UC Berkeley通译“加州大学伯克利分校”。

【有效地授予政府机构访问权】it can effectively grant access due to the change in keys,其中应该解作“其实;实际上 You use effectively with a statement or opinion to indicate that it is not accurate in every detail, but that you feel it is a reasonable description or summary of a particular situation”(http://www.iciba.com/effectively)而不是【有效地】。

【这个方面来讲,情况比政府窃取你的手机和WhatsAPP的谈话内容更麻烦】In that way, it is no more troubling than the government hacking your mobile phone and reading your WhatsApp conversations that way,意思有些搞反了。

【一位未透露姓名的WhatsApp发言人称他们这样执行加密指令是出于可用性的考虑】An unnamed "WhatsApp spokesperson" said that they implemented the encryption this way for usability,原句的引号不应省略;implemented the encryption应该用“实施加密”。

【“再次确认”】 a "double check mark," ,其中mark指的符号,不宜省略;double check mark像是个打了两个勾的符号,参阅:http://cn.bing.com/images/search?q=double+check+mark&qpvt=double+check+mark&qpvt=double+check+mark&qpvt=double+check+mark&FORM=IGRE。

【“阻止”还是“不阻止”】"blocking" or "non-blocking",术语用“阻塞式”和“非阻塞式” ,参阅:http://www.phplinux.net/content/27353018398574909069.html。

【MITM攻击】MITM不妨用“中间人攻击”。

回复

yuanchan发表于:2017-03-22 07:31:05
passerby98:【信息】messages可用“讯息”或“消息”等,以区别information。

【伯克利市加利福尼亚大学】UC Berkeley通译“加州大学伯克利分校”。

【有效地授予政府机构访问权】it can effectively grant access due to the change in keys,其中应该解作“其实;实际上 You use effectively with a statement or opinion to indicate that it is not accurate in every detail, but that you feel it is a reasonable description or summary of a particular situation”(http://www.iciba.com/effectively)而不是【有效地】。

【这个方面来讲,情况比政府窃取你的手机和WhatsAPP的谈话内容更麻烦】In that way, it is no more troubling than the government hacking your mobile phone and reading your WhatsApp conversations that way,意思有些搞反了。

【一位未透露姓名的WhatsApp发言人称他们这样执行加密指令是出于可用性的考虑】An unnamed \"WhatsApp spokesperson\" said that they implemented the encryption this way for usability,原句的引号不应省略;implemented the encryption应该用“实施加密”。

【“再次确认”】 a \"double check mark,\" ,其中mark指的符号,不宜省略;double check mark像是个打了两个勾的符号,参阅:http://cn.bing.com/images/search?q=double+check+mark&qpvt=double+check+mark&qpvt=double+check+mark&qpvt=double+check+mark&FORM=IGRE。

【“阻止”还是“不阻止”】\"blocking\" or \"non-blocking\",术语用“阻塞式”和“非阻塞式” ,参阅:http://www.phplinux.net/content/27353018398574909069.html。

【MITM攻击】MITM不妨用“中间人攻击”。

@passerby98:谢谢老师的悉心点评,帮我解了不少疑惑。翻译时由于对基本的专业知识的不了解,很多地方没有处理好,会继续学习。再次谢谢您!

回复

×提示

您已经赞过此文了。

确定