In the words of Germaine Greer:
Facebook has long claimed that WhatsApp is completely secure and that messages cannot be intercepted thanks to the use of end-to-end encryption. But researchers have revealed a serious security flaw that makes it possible for Facebook and government agencies to read encrypted messages. The vulnerability was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. He first reported it to Facebook in April 2016 and was told that it was “expected behavior” that the company wasn’t looking to remedy.
As reported by the Guardian, WhatsApp’s encryption relies on unique security keys generated using Open Whisper’s Signal protocol, which guarantees that conversations can’t be intercepted. However, the security backdoor allows WhatsApp to override these security keys for offline users. In turn, the sender of the original message unknowingly re-encrypts any messages that have not been marked as delivered, and these are sent with the new encryption keys once the user comes back online.
‘This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages’, says the report in the Guardian.
“If you’re using WhatsApp to avoid government surveillance, stop now,” warned one Twitter user.
The backdoor should be easily fixable, as it’s not a core part of the Signal protocol that WhatsApp uses for its encryption, but we are not sure if Facebook is thinking of fixing it since it considers it an ‘expected behavior.’
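The retransmission behaviour described above, modelled next to a client that holds undelivered messages until the user has verified the new key. This is an added sketch, not WhatsApp's or Signal's code, and the hold-until-verified policy is an assumption about what a fix could look like. The class, method names, keys and messages are constructed, and no real encryption is performed: `wire` only records which key fingerprint each message would be encrypted to.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    """Short digest of a public identity key, comparable out of band."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class Sender:
    trusted_fp: str                      # key fingerprint currently accepted
    block_on_key_change: bool            # False models the behaviour described above
    undelivered: list = field(default_factory=list)  # no delivery receipt yet
    held: list = field(default_factory=list)         # awaiting user verification
    wire: list = field(default_factory=list)         # (key fingerprint, message)
    notices: list = field(default_factory=list)

    def send(self, text: str, delivered: bool) -> None:
        self.wire.append((self.trusted_fp, text))
        if not delivered:
            self.undelivered.append(text)

    def on_key_change(self, new_key: bytes) -> None:
        """The server reports a new identity key for the recipient."""
        new_fp = fingerprint(new_key)
        self.notices.append(f"security code changed: {new_fp}")
        queue, self.undelivered = self.undelivered, []
        if self.block_on_key_change:
            self.held += queue           # nothing is re-sent yet
            return
        self.trusted_fp = new_fp         # accepted with no user decision
        self.wire += [(new_fp, m) for m in queue]

    def verify(self, new_key: bytes, fp_from_contact: str) -> bool:
        """User compares the fingerprint with the contact over another channel."""
        new_fp = fingerprint(new_key)
        if new_fp != fp_from_contact:
            return False                 # mismatch: held messages stay held
        self.trusted_fp = new_fp
        self.wire += [(new_fp, m) for m in self.held]
        self.held = []
        return True

def run(block: bool):
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"
    s = Sender(trusted_fp=fingerprint(old_key), block_on_key_change=block)
    s.send("hello", delivered=True)
    s.send("meet at 6", delivered=False)   # recipient offline
    s.on_key_change(new_key)
    return s, fingerprint(new_key)
```

With `block=False` the undelivered message appears on `wire` under the new fingerprint as soon as the key changes, and the notice is recorded only alongside that; with `block=True` it stays in `held` until `verify` succeeds.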
WhatsApp has again confirmed that its approach is deliberate.
The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. This claim is false.
WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook