WhatsApp, the Facebook-owned instant messaging app, features a security backdoor that allows the company to intercept and decrypt private messages sent through the platform, in flagrant contradiction of its previous stance that it employed end-to-end encryption. While WhatsApp uses encryption developed by Open Whisper Systems, the company behind end-to-end encryption SMS app Signal, the company has built in a protocol that allows the ability to generate new encryption keys for offline users, which then allows WhatsApp employees to access these messages.
The backdoor was found by University of California researcher Tobias Boelter, who reported the issue to Facebook last year. Facebook responded by assuring Boelter that the backdoor was “expected behaviour,” i.e. deliberate.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Boelter told The Guardian.
“WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform,” said Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, who verified Boelter’s findings.
“[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations,” Boelter added. “This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”
Boelter has made his findings public in the wake of the UK passing the most oppressive mass surveillance law in the history of democracy, the Investigatory Powers Act, which collects communications data for every resident of the country for up to twelve months.
AMD has launched (thanks Wccftech) its new Ryzen 7 8745H APU, a part of the…
MSI has announced a new BIOS update in mid-August to address stability issues with Intel’s…
Many PC models from top brands have faced security breaches due to a weak BIOS…
Ahoy, Straw Hat fans! The wait is finally over. The beloved RPG adventure, ONE PIECE…
【Wireless & 1800mAh Battery Operated】Touch lamps bedside use a rechargeable large capacity battery of 1800mAh,…
Click to open expanded view F Energy efficiency label Product Sheet Lepro GU10 LED Bulbs, Warm White…