Published: Mon, January 16, 2017
Science | By Boyd Webster

WhatsApp denies encrypted messages on its platform can be intercepted

WhatsApp denies encrypted messages on its platform can be intercepted

WhatsApp, a massive messaging platform owned by Facebook, is well known as one of the more secure messengers on the market.

A security researcher has found a backdoor in the end-to-end encryption system used by the WhatsApp messaging service.

Don't worry. There is no backdoor like the Federal Bureau of Investigation was seeking for the iPhone in WhatsApp. But to make sure that messages are always sent, even when the recipient is offline, Whatsapp appears to have compromised that system. That means that theoretically a hacker would be able to poke around messages without the app knowing that someone else is actually reading them.

Indeed, users of encrypted messaging app can activate a "Show Security Notifications" setting that alerts them if and when the security keys of one of their contacts change. The cryptography researcher from the University of California said that WhatsApp can easily share its messaging records to government agencies through the change in keys. They also took issue with the suggestion that WhatsApp would surrender users' data to government officials without notifying them of its decision to do so. Cryptographers have to make trade-offs all the time. While WhatsApp has denied the inclusion of the backdoor, the security giant has also refuted the claims of an unruly implementation of their protocol in a blog post.

"High-risk users of WhatsApp, like people who are communicating very sensitive information, they should definitely be anxious". We believe that WhatsApp remains a great choice for users concerned with the privacy of their message content.

However, both WhatsApp and Open Whisper Systems are critical of the the Guardian report.

WhatsApp does not give governments a "backdoor" into its systems.

"WhatsApp does not give governments a "back door" into its systems and would fight any government request to create a back door", the firm said.

The problem means that WhatsApp's encryption can be circumvented, allowing people to look in on messages, The Guardian reported. "The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks", the statement added. The app has become hugely popular, with more than 1 billion users.

A WhatsApp spokesperson told the Guardian: "In many parts of the world, people frequently change devices and Sim cards". What it could and probably should do is follow Signal's example in notifying the user the keys have changed and not automatically resend a message.

A security option, which is turned off by default, can be found in the Settings menu of the app. According to the company, the changing of encryption keys is a normal occurrence in cryptography, and a key is usually changed when "someone gets a new device, or even just reinstalls the app, their identity key pair will change". "Any other person will have to request it from them", he said.

It prides itself on offering users top-notch security - but WhatsApp may not be as private as you think. That's why they use a secure channel (the physical channel) to verify this.

We appreciate the interest people have in the security of their messages and calls on WhatsApp.

Widely popular messaging app WhatsApp, owned by Facebook, has garnered huge praise for being one of the first to implement end-to-end encryption.

Like this: