مراقبة الوتس اب؟

// May 18th, 2013 // Hacks, tech

كثر الحديث مؤخرا عن هيئة الاتصالات في المملكة و عن رغبتها في مراقبة الرسائل و الملفات المرسلة عن طريق الوتس اب. لي تعليق في نهاية المقال، و لكن أردت بعجالة أن أشرح بشكل مختصر عن نقاط الضعف في برنامج الوتس اب و الثغرات التي يمكن استغلالها و مدى إمكانية مراقبة المحدثات و الملفات المرسلة.

أولا: نقاط الضعف التي يمكن استغلالها:

-  يمكننا استخدام البرنامج برقم شخص اخر و استقبال رسائلهم بالاضافة الى امكانية ارسال رسائل من ارقامهم، و لكن سينتج عن هذا عدم تمكن المستخدم الاساسي من استخدام الوتس اب الا بعد القيام بعملية اعادة التسجيل. (لن أشرح الطريقة في هذا المقال، و لكن إذا كان هناك أقبال فقد أشرحها في مقال أخر)

-  يمكننا ارسال رسائل مجانية SMS لاي جوال في العالم. و ذلك من خلال استغلال خدمة رسائل التفعيل التي ترسل للمستخدم بعد التسجيل في الخدمة.

-  أما عن مراقبة جميع الاتصالات فالموضوع صعب و سأشرح طريقة التشفير في برنامج الوتس اب في الفقرة الثانية. الجواب في نهاية المقال.

ثانيا: كيف يعمل الوتس اب و امكانية مراقبة جميع الاتصالات: (سامحوني هذا الجزء بالانجليزي لكثرة المصطلحات و لكن الجزء الثالث من المقال ملخص بالعربي)

First of all, I know its illegal to monitor traffic and I am totally against it, but since many have been talking lately about the government wanting to monitor all whatsApp traffic, I started thinking whether its possible or not from a pure technical point of view. I also want to go on record saying its stupid to monitor, because with so many other encrypted alternatives out there, the bad guys would just stop using whatsApp and move on to something else, and the guys going through the traffic would be left with high school girls gossiping and millions of sandwich pictures of and cups of coffee taken from hundreds of angles.

Many of you might have heard of whatsApp Sniffer. If you haven’t, then don’t worry about it, its useless now. That probably explains why Big Brother is a bit pissed.! I believe it was last September, that the folks at whatsApp inc decided to encrypt all data communications between their servers and the clients. Before that, it was possible to simply sniff wifi traffic, and filter out whatsApp traffic using their servers’ IPs, and viola you get to see all whatsApp messages in clear text. There was an android app called whatsApp Sniffer, which is still out there if you’re interested in seeing what whatsApp encrypted traffic looks like. But, I should warn you, its 2013 and nothing is free. If something is free, then there’s a catch, which means its highly likely that many of the android apps you download online have spyware and whatnot, so just stay away from them.

Ok, back to whatsApp. The question now is what kind of encryption are we looking at? How does it work? And can it be broken?

In the beginning I believe they went with a weak cryptosystem, which was then broken. However, it was soon changed to the stream cipher “RC4” (aka ARC4). It  was invented in 1987 by Ron Rivest (RC stood for Ron’s Code).  It was kept a secret until 1994, when someone anonymously posted its description online. From there it took off! Why did they go for RC4? Its fast, simple, and its does the job well.

Ok, if we want to know how to see whatsApp traffic, we have to understand the authentication protocol between the client and whatsApp servers.

The authentication is a challenge/response authentication protocol. The server sends the client an authentication request containing some RANDOM bytes of data. The client takes that data, and combines them to the password of the account using PBKDF2.

So the RC4 session key = PBKDF2(PRF, Password, Salt, c, dkLen)

The Salt is used to randomize so the RANDOM bytes of data would be used for that.

c is the number of iterations.

dkLen is the length of the derived key, which is 160 bits in the case of whatsApp.

Since, the server also knows the account password, it also has the ability to calculate the same session key. The client then responds to the server by sending a message containing the username and some other random data. If the server manages to decrypt the message, it would confirm that the client has calculated the correct session key. The packets would be encrypted from then on using RC4 with the new session key.

One might ask if it’s possible to calculate the key using a “plain know text” attack against the authentication packets. I don’t think so, because they would obviously add a nonce in the response.

What does a whatsApp packet look like?

Flags Packet Size Packet Data
1B 2B 0 to 8kB

The Flag is only one Byte, and the first bit is set when the packet is encrypted. I’m not sure what the rest are used for

The Packet Size uses 16 bits to represent the size of the packet data.

The last four bytes are used as a HMAC-SHA1 checksum if the packet is being sent from the client to the server. If the packet is being sent from the server to the client, then the checksum is the first four bytes.

The data structure is similar to XML in way. It contains a tree of information with the following:

The basic format of an element is:

Element Size Type Tag Attributes Children/Data
2-3 Bytes 1B

Ok, now to the big question, does RC4 have any flaws? If so, how can then be used in this case?

– When we encrypt our goal is to hide a message by converting it into a ciphertext that looks absolutely random by not giving any information about the plaintext or the encryption key. It was believed that RC4 achieved this, however in recent years researchers have discovered that RC4 has a number of small biases. This has been know for years, but that weren’t very significant. A recent work by Sepehrdad et al in 2011 discovered more biases.

– To make it simple, if we manage to get a user to encrypt the same plaintext encrypted with many different encryption keys, then it would be possible to take advantage of the RC4 biases to figure out what was encrypted. You might think this is stupid and useless, but bear with me:

– You might ask, how would I get a user to send the same plaintext many times using different keys. Well, the initial packets tend to be the same, and in the case of whatsApp, clients send messages on their status (whether they’re online or not)  and these messages tend to be repeated and we would be able to use those (unless nonces are used). Also, the session encryption keys change alot, which means we will get those messages encrypted using a different key everytime a new session key is assigned to a client. Also, there are methods which may be used to get the client to send a common response or force the generation of new session keys.

– Seems simple ay? Well its not, because when we say many messages, we mean MANY..! According to the work by Sepehrdad et al, to recover a WEP secret of 128 bits, they needed 9800 encrypted packets. But we’re not dealing with WEP here, so for whatsApp’s 160 bit keys we would need a much much larger number of encrypted packets.

– There is a project called “whatsapp dissector for wireshark”. You plug in the key, and it would use wireshark to grab the traffic, filter out whatsapp traffic, and then display it after decrypting it using the keys you provide.

I’m feeling kinda sleepy, so I’ll just wrap this up real quick and go back to bed. Also, I’m not an expert on RC4, so if you find any mistakes just let me know :)

-  ثالثا:

نعود للسؤال المطروح بعد هذا الشرح المختصر. هل من الممكن مراقبة محادثات الوتس اب؟ لمستخدم واحد.. ممكن بعد جهد. هناك اكثر من طريقة، لكني لم أجربها..

هل من الممكن مراقبة جميع محادثات الوتس اب على مستوى عام؟ ما فيه مستحيل و لكنه صعب جدا جدا جدا..! و سينتج عن المراقبة أن المحادثات و ارسال الصور و غيرها ستكون أبطئ بكثير جدا، و سينتج عنه نفور الناس عن الوتس اب و الانتقال الى بديل أخر.

- رابعا: رايي حول الموضوع:

أفهم أن المراقبة ليست من أجل معرفة أسم بنت أم بندر الجديدة، و ليس من أجل معرفة ما إذا كانت خلود حامل، بل هو لحفظ الأمن في البلد. ولكن هل ستكون المراقبة مجدية؟

المراقبة لن تكون مجدية بنظري لان الأشخاص الذين نخشى من أذاهم ، لن يستخدموا وسائل الاتصالات المراقبة. إذن ما الفائدة من المراقبة في ظل وجود مئات الوسائل الأخرى المشفرة بطرق أخرى مختلفة؟

——

image above taken from http://web.davidgf.net/page/37/whatsapp-dissector-for-wireshark

One Response to “مراقبة الوتس اب؟”

  1. Abdulrahman Abahsain says:

    مقال جميل ومفيد موفق أخي فراس