Is there a misunderstanding by the OP or are they onto something?
1 Like
As far as I understand, you cannot choose distrust a device or trust only explicitly verified devices, like you can with OMEMO/XMPP, so yes, whatsapp could take over your account and intercept your messages (Signal could too).
But, if the sender has security notifications enabled, they should see that the security number has changed and infer that maybe you are getting mitm’d.
With the scenario that OP described, if he is describing it correctly, it would also be possible for meta to take someone’s account offline, register a new session, and wait for the senders’ client to re-encrypt and resend older messages that were undelivered, to the new device (if that’s what is going on there). Good to know that Signal does not do this.
EDIT: would be good if OP would clarify whether messages that were sent to him and delivered to his previous session were also re-encrypted to his new session automatically. If it’s only undelivered messages it’s bad, but if the client goes back like a full day and resends previously delivered messages automatically to new sessions, it’s even worse as it would allow a malicious server to arbitrarily exfiltrate a day or so worth of messages from anyone they’d like. Undetected until after the fact.
End-to-end encryption without proper verification doesn’t protect you much if you are being targeted
Recently (I think?) even Signal disabled these notifications by default, meaning that MITMs would go unnoticed by most if servers were compromised
4 Likes
Not a new behaviour. Its just a sacrifice made by whatsapp for usability, since most users wouldn’t understand why they can’t suddenly receive messages. They are still E2EE, their key management is just a less secure implementation.
You can read more here: Signal >> Blog >> There is no WhatsApp 'backdoor'
Here is a thread exploring this: encryption - How can WhatsApp recover messages sent to a damaged phone? - Information Security Stack Exchange
Whatsapp key management exposes you to MitM, Signal’s does not.
Sent AND delivered aren’t reencrypted. Only the sent and undelivered.
My non-tech oriented friends still receive them. But I’m not 100% sure if they are on default setups, might need someone else to check.
1 Like