WhatsApp, the Facebook-owned instant messaging app, features a security backdoor that allows the company to intercept and decrypt private messages sent through the platform, in flagrant contradiction of its previous stance that it employed end-to-end encryption. While WhatsApp uses encryption developed by Open Whisper Systems, the company behind end-to-end encryption SMS app Signal, the company has built in a protocol that allows the ability to generate new encryption keys for offline users, which then allows WhatsApp employees to access these messages.
The backdoor was found by University of California researcher Tobias Boelter, who reported the issue to Facebook last year. Facebook responded by assuring Boelter that the backdoor was “expected behaviour,” i.e. deliberate.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Boelter told The Guardian.
“WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform,” said Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, who verified Boelter’s findings.
“[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations,” Boelter added. “This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”
Boelter has made his findings public in the wake of the UK passing the most oppressive mass surveillance law in the history of democracy, the Investigatory Powers Act, which collects communications data for every resident of the country for up to twelve months.
Great news for all of you developers out there, as Unreal Engine 5.4 is here…
Horizon Forbidden West has gotten off to a great start on PC, with promising sales,…
Razer already has many of the absolute best gaming mice on the market, and it…
No matter who you are or where you are it's pretty sure thing that you've…
Low input lag reduces time delay between devices to monitor SmartImage game mode optimised for…
High-quality, elegant as well as timeless design and technical innovation - these are the features…