
An attacker who compromises the Telegram server can, undetected, recover every message that was sent in the past and receive all messages transmitted in the future without anyone receiving any notification at all. In contrast, Telegram does no encryption at all for group messages, even though it advertises itself as an encrypted messenger, and even though Telegram users think that group chats are somehow secure. It's much more effective to be Telegram: just leave cryptography out of everything, except for your marketing. To me, this article reads as a better example of the problems with the security industry and the way security research is done today, because I think the lesson to anyone watching is clear: don't build security into your products, because that makes you a target for researchers, even if you make the right decisions, and regardless of whether their research is practically important or not. Without a paper there will be no talks at conferences, which means there will be no inflammatory headlines like this one. There's no way to publish an academic paper about that, though, because there's no "attack" to describe, because there's no encryption to begin with. I think it would be better if the server didn't have metadata visibility into group membership, but that's a largely unsolved problem, and it's unrelated to confidentiality of group messages. Given the alternatives, I think that's a pretty reasonable design decision, and I think this headline pretty substantially mischaracterizes the situation. There is no way to suppress this message. All group members will see that the attacker has joined. The attacker will not see any past messages to the group; those were e2e encrypted with keys the attacker doesn't have.
If someone hacks the WhatsApp server, they can obviously alter the group membership. Clients of a group retrieve membership from the server, and clients encrypt all messages they send e2e to all group members. Here's how WhatsApp group messaging works: membership is maintained by the server.
