If you’re into backdoors than you’ll love Whatsapp and FB Messenger.
If approved, the new legislation will enable the country’s security services to hack into any personal device connected to the internet.
Germany’s Interior Minister Thomas de Maizière worked out a draft proposal that might force automotive and tech corporations to provide the country’s intelligence agencies with “back door” access to any digital device, including smartphones, laptops, private cars and smart TVs, the RedaktionsNetzwerk Deutschland (RND) reported.
The politician has justified his idea by the fact that the country’s security services are increasingly facing difficulties breaking through the systems that protect digital items.
For instance, the locking systems on cars have become so advanced and intelligent that their owners are informed via messenger even about the slightest movements of their vehicles. With the new law, De Maizière wants to prevent these automatic notifications if the law-enforcement services believe it to be justified by their investigation. <snip>
CEO Telegram: Developers secretly embed backdoor into apps!
On the occasion of the recent attack hacking which was accepted by its billionaire owner Amazon, Jeff Bezos, through the WhatsApp application, the Telegram CEO, Pavel Durov, said that WhatsApp application hides many risks.
Durov noted the hacking attack on his smartphone Jeff Bezos it wasn’t due to an Apple security error, but to application of WhatsApp. Wanting to speak more specifically, Durov said his vice president Facebook accused her Apple for hacking Bezos. According to Durov, however, the WhatsApp application was responsible for the hacking. He even justified his view by saying that the “corrupt” error video “WhatsApp didn’t just exist in iOS, but also to Android and Windows Phone. Therefore, it appeared in mobile phones which had WhatsApp installed. <snip>
WhatsApp Security Vulnerability
Back in March, Rolf Weber wrote about a potential vulnerability in the WhatsApp protocol that would allow Facebook to defeat perfect forward secrecy by forcibly change users’ keys, allowing it — or more likely, the government — to eavesdrop on encrypted messages.
It seems that this vulnerability is real:
WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.