Wednesday, June 28, 2017

Whisper Signal WhatsApp

Following on from this post WhatsApp network forensics 2017/06/whatsapp-network-forensics.html you may know WhatsApp changed the protocol to 'Open Whisper System's Signal Protocol end-to-end encryption'. A useful analysis of "Signal" can be found here regarding capturing the “ratcheting” key update structure:

A Formal Security Analysis of the Signal Messaging Protocol
https://eprint.iacr.org/2016/1013.pdf.

Vulnerability attacks have already started to determine Signal weaknesses. The "last resort key" looks interesting as does internal messaging attacks that have produced some results:

HUNTING FOR VULNERABILITIES IN SIGNAL - HITBSECCONF2017
https://conference.hitb.org/hitbsecconf2017ams/materials/D2T1%20-%20Markus%20Vervier%20-%20Hunting%20for%20Vulnerabilities%20in%20Signal.pdf


WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages
https://sci-hub.io/
http://www.sciencedirect.com/science/article/pii/S1742287615000985?via%3Dihub

No comments: