WhatsApp is considered a secure platform because it uses end-to-end encryption. However, this does not mean that it is completely free from attacks that can endanger users’ privacy. This is demonstrated by Tal Be’ery, co-founder and CTO of crypto-wallet maker ZenGo, who explained in a post published on Medium how the advent of multi-device support and the adoption of the client-fanout approach have contributed to making Meta’s instant messaging system less secure.
This is not a security flaw but a privacy issue that arises from the architecture of the platform. Meta was informed and, while taking Be’ery’s analysis into account, felt that the report could not fall within the company’s bounty program.
“WhatsApp exposes, by design, certain information about the devices used by its users to each user of the platform and does not provide any controls or settings or configurations to allow users to control this exposure. This could allow the attackers to obtain some necessary information about their victims, such as those who change their mobile devices and the existence of ‘connected devices’ (e.g. WhatsApp Web).” – Tal Be’ery
2016: End-to-end encryption debuts. The app generates a unique cryptographic key on your smartphone, so every time you change devices, the reinstalled app creates a new cryptographic key (this is why a message appears when another user’s security code has changed). This doesn’t happen if the reinstalled app is restored from a backup, in which case the cryptographic key remains unchanged.
2021: The multi-device era (primary device + connected devices) begins. Not only the primary device but also the “companion” devices must have their own cryptographic keys: in theory these could be the same as those of the primary smartphone, but WhatsApp has opted to generate a unique key for each device.
Each device has an Identity Key, which is created during installation and remains valid until the app is uninstalled: the sender “uses client-fanout for all messages exchanged, i.e. each message is encrypted for each device with the corresponding session in pairs”. In other words, every time you send a message to a recipient who uses multiple devices, you create as many keys as there are devices.
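The client-fanout behaviour described above, as an added example that is not taken from Be’ery’s post or from WhatsApp’s code: a constructed Python model in which the sender encrypts once per recipient device, so the recipient’s device list is necessarily visible to the sender. The `Directory` class, the use of index 0 for the primary device and the toy cipher are assumptions standing in for the real device list and pairwise sessions.

```python
import hashlib
import os


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy stand-in for a pairwise session cipher; NOT WhatsApp's real crypto."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class Directory:
    """Hypothetical model of the per-user device list a sender's client holds."""

    def __init__(self):
        self.devices = {}  # user -> {device index: pairwise session key}

    def link(self, user: str, device_index: int) -> bytes:
        # Every device, primary (index 0, an assumption) or companion,
        # gets its own key, as the article describes.
        key = os.urandom(32)
        self.devices.setdefault(user, {})[device_index] = key
        return key


def fanout_send(directory: Directory, recipient: str, message: bytes) -> dict:
    """Client-fanout: the sender builds one ciphertext per recipient device."""
    return {idx: toy_encrypt(key, message)
            for idx, key in directory.devices[recipient].items()}


def sender_view(directory: Directory, recipient: str) -> dict:
    """Metadata the sender learns as a side effect of having to fan out."""
    idxs = sorted(directory.devices[recipient])
    return {"primary": 0 in idxs, "companions": [i for i in idxs if i != 0]}
```

Because the encryption loop runs on the sender’s side, hiding the device list from senders would require changing where the fan-out happens, which is why the exposure is architectural rather than a bug.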
The key exchange protocol is different for primary and connected devices, so the sender is able to recognize which is the primary device. Attackers can exploit the WhatsApp web client to obtain device information because the client uses the browser’s local storage to store the devices’ identity keys, and it is not hard to find ways to view this data:
Primary Devices: Phone Number + .0 Suffix
Connected Devices: Phone Number + Suffix :.0
This information is present even if the sender’s phone number is not in the recipient’s contact list.
The risk therefore arises when:
The phone number is known
Victims are added as contacts
The WhatsApp web client is used, with access to the table above
The danger, it must be said, is limited: the attacker can find out, for example, when a user changes smartphones or, worse, that the user is using the web client, which is more vulnerable to attacks.