
Not So Secure After All: WhatsApp Apparently Has a Dangerous Backdoor That Allows Facebook And Others To Read Encrypted Messages

In the words of Germaine Greer:
Facebook has long claimed that WhatsApp is completely secure and that messages cannot be intercepted, thanks to the use of end-to-end encryption. But researchers have revealed a serious security flaw that makes it possible for Facebook and government agencies to read encrypted messages. The security vulnerability was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. He first reported the vulnerability to Facebook in April 2016 and was told that it was “expected behavior” that the company wasn’t looking to remedy.

As reported by the Guardian, WhatsApp’s encryption relies on the generation of unique security keys using Open Whisper Systems’ Signal protocol, which guarantees that conversations can’t be intercepted. However, the security backdoor allows WhatsApp to override these security keys for offline users. In turn, the sender of the original message unknowingly re-encrypts any messages that have not been marked as delivered, and these are sent with the new encryption keys once the user comes back online.
“This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages,” says the report in the Guardian.
“If you’re using WhatsApp to avoid government surveillance, stop now,” warned one Twitter user.
The backdoor should be easily fixable, as it’s not a core part of the Signal protocol that WhatsApp uses for its encryption, but we are not sure whether Facebook is thinking of fixing it, since it considers it ‘expected behavior.’
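
The key-change behaviour described above, modelled next to a blocking alternative, as an added sketch that is not code from WhatsApp, the Guardian report or the Signal protocol. Policy names, key labels and messages are constructed for illustration, and "sealing" only records which key a message is bound to (no real cryptography).

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    policy: str                 # "auto_resend" or "block" (labels made up for this sketch)
    trusted_key: str            # recipient key the sender currently trusts
    pending: list = field(default_factory=list)  # sent, not yet marked delivered
    wire: list = field(default_factory=list)     # (message, key it was sealed to)
    notices: list = field(default_factory=list)  # warnings shown to the user
    unverified_key: str = ""    # announced key awaiting the user's decision

    def send(self, msg):
        self.pending.append(msg)
        if not self.unverified_key:          # hold traffic while a key is unverified
            self.wire.append((msg, self.trusted_key))

    def mark_delivered(self, msg):
        self.pending.remove(msg)

    def on_key_change(self, new_key):
        """The server announces a different key for the recipient."""
        if self.policy == "auto_resend":
            # Behaviour the article describes: undelivered messages are sealed
            # again to the new key; the notice arrives after the fact.
            self.trusted_key = new_key
            self.wire += [(m, new_key) for m in self.pending]
            self.notices.append("security code changed")
        else:
            # Blocking alternative: nothing goes out until the user decides.
            self.unverified_key = new_key
            self.notices.append("key changed, verify before sending")

    def user_decision(self, accept):
        """Blocking policy only: the user compared the new key out of band."""
        new_key, self.unverified_key = self.unverified_key, ""
        if accept:
            self.trusted_key = new_key
            self.wire += [(m, new_key) for m in self.pending]
        else:
            self.pending.clear()             # drop rather than seal to a rejected key

def sealed_to(client, key):
    return [m for m, k in client.wire if k == key]

def scenario(policy, accept=None):
    c = SenderClient(policy, trusted_key="K_old")   # constructed key labels
    c.send("m1")
    c.mark_delivered("m1")                          # delivered before the change
    c.send("m2")                                    # recipient offline: stays pending
    c.on_key_change("K_new")
    if accept is not None:
        c.user_decision(accept)
    return sealed_to(c, "K_new"), c.notices
```

With `auto_resend`, the undelivered message is already bound to the new key by the time the notice appears; with `block`, nothing is bound to it until the user accepts the key.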
 
UPDATE:
WhatsApp has again confirmed that its approach is deliberate.

The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. This claim is false.

WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook


10 comments on “Not So Secure After All: WhatsApp Apparently Has a Dangerous Backdoor That Allows Facebook And Others To Read Encrypted Messages”

  1. Henry says:

    I have been expecting this. Kinda surprised it just made the news now. I have never trusted Facebook with privacy from day one. Ever since they took over WhatsApp, I knew I needed to stop using it for sensitive information. Telegram FTW

  2. pWilliams says:

    Wasn’t surprised either… in this internet age, security is just an imagination… so sad… I trusted WhatsApp so much

  3. Joshua says:

    Lol since Facebook took over I knew all that security talk was rubbish

  4. I am not understanding… Please biko, can someone explain all this big big grammar for me?

    1. Anonymous says:

      Some people you don’t know see all your WhatsApp messages
      SO BE CAREFUL

  5. Rotimi popoola says:

    Hmmmn Facebook kai … Nawa oh nothing is secure again sef

  6. KingAbsolute says:

    I am sure Mr. Tobias is one of those computer nerds that puts on goggle glasses. Now I have that “we were deceived” feeling. WhatsApp should make people’s chat security a priority.

  7. JAY HENRY says:

    There is a little bit of confusion here. I think somebody must be wrong, as WhatsApp stated that the backdoor Tobias claimed he discovered is not really a backdoor but something that is normal. Their claims were backed up by several other cryptographers and security experts.
    Then came this post from the Open Whisper Signal guys, the guys that designed the encryption system WhatsApp is using; they came along with a different story.
    I think before anybody can believe anything whatsoever concerning this issue, they should first hear from all the parties involved and then evaluate the one that is saying something meaningful.
    For me, I go with the Open Whisper guys. They fully explained what Tobias discovered and laid down everything in a way you can understand.
    Before you join the league of people destroying WhatsApp, do check out the post here.
    http://geekshelm.com/paint-facebook-black-for-whatsapp-vulnerability/

  8. ỌBÁDÁRÀ says:

    … WELL, THE TYPE OF SECURITY WE ARE TALKING ABOUT HERE IS MORE IMPORTANT TO THE WHITES OR SAFELY TO SAY, THE DEVELOPED COUNTRIES. FOR ME, ALL OF THESE WILL NOT CHANGE MY MIND ABOUT USING WHATSAPP OR NOT…
