Facebook-owned WhatsApp announced in early 2016 its decision to implement end-to-end encryption for data transferred via texts or calls on its platform. This move was well received by the industry as well as by consumers, because privacy and protection of data are of utmost importance. But according to new reports, your chats may not be as secure as you trust them to be. According to The Guardian, security researcher Tobias Boelter from the University of California, Berkeley has found a backdoor in the messaging app which leaves your private texts and calls open to interception, which can be used by Facebook and the like. However, WhatsApp has denied any such claims.
Meanwhile, security commentators have said that such vulnerabilities are nothing new. They have reportedly said that it is an age-old problem of how key verification is implemented within an encrypted system. But the fact that the company denies such claims, and denies using it as a backdoor, even after being informed is a matter of concern. The expert was quoted in The Guardian as saying, “…maybe it was a bug first, but when discovered it got started being used as a backdoor.” Boelter also added, “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”
The bug lies in how the messaging app handles encryption keys: the protocol that generates the keys has an additional implementation for offline users, and this leaves many texts open to attack. End-to-end encryption makes sure that chats can only be read by the sender and receiver, and can in no way be used, found or read anywhere in the middle. But when there is a forced update of the keys, the messages which were not delivered while the recipient was offline also get re-encrypted, and the app does not even ask you. This lets the company intercept them in the middle. There is still no way for users to block undelivered texts from being sent unprotected.
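The key-change behaviour described above can be modelled in a few lines. This is an added example, not WhatsApp's code: the `Sender` class, the `block_on_key_change` setting and the toy cipher are hypothetical stand-ins, and the keys and message are constructed sample values.

```python
import hashlib
from dataclasses import dataclass, field

def toy_seal(key: bytes, msg: bytes) -> bytes:
    """Toy XOR stream cipher (its own inverse); illustration only, not real E2E crypto."""
    stream = hashlib.shake_256(key).digest(len(msg))
    return bytes(a ^ b for a, b in zip(msg, stream))

@dataclass
class Sender:
    block_on_key_change: bool                      # hypothetical client setting
    trusted_key: bytes                             # recipient key the user last saw
    pending: list = field(default_factory=list)    # undelivered plaintexts
    held: list = field(default_factory=list)       # waiting for user approval
    wire: list = field(default_factory=list)       # ciphertexts handed to the server

    def send(self, msg: bytes) -> None:
        # Recipient is offline: keep the plaintext so it can be re-sent later.
        self.pending.append(msg)
        self.wire.append(toy_seal(self.trusted_key, msg))

    def on_key_change(self, new_key: bytes) -> None:
        # The server announces a new key for the recipient.
        if self.block_on_key_change:
            # Hold undelivered messages until the user verifies the new key.
            self.held, self.pending = self.pending, []
            return
        # Behaviour described in the article: re-encrypt without asking.
        self.trusted_key = new_key
        self.wire += [toy_seal(new_key, m) for m in self.pending]

    def user_approves(self, new_key: bytes) -> None:
        # The user has checked the new key out of band and accepts it.
        self.trusted_key = new_key
        self.wire += [toy_seal(new_key, m) for m in self.held]
        self.held = []

def readable_with(key: bytes, wire: list) -> list:
    """Plaintexts that a holder of `key` recovers from the ciphertexts on the wire."""
    return [p for p in (toy_seal(key, c) for c in wire) if p.startswith(b"msg:")]

if __name__ == "__main__":
    old, new = b"recipient-key-v1", b"key-announced-by-server"   # constructed
    for strict in (False, True):
        s = Sender(strict, old)
        s.send(b"msg: meet at 6")
        s.on_key_change(new)
        print("blocking" if strict else "automatic", readable_with(new, s.wire))
```

With the automatic policy, whoever holds the newly announced key can read the undelivered message; with the blocking policy, nothing is re-sent until `user_approves` is called.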
Notably, the vulnerability does not let hackers get into your phone; rather, it lets Facebook and WhatsApp read your messages. This is bad news because encryption has been one of the best selling points for WhatsApp. Meanwhile, Facebook has responded to the problem and said that the bug essentially prevents messages from being lost in transit. Should you be worried? As of now, there does not seem to be any immediate threat, as it cannot be cost-effective for the company to use this bug for advertising. But the bad news is that government security agencies can use the data, which for them can be a gold mine. So, if you want to avoid surveillance, it's time you stop using the app.