WhatsApp puts user data at risk; here’s why you should be worried

By: |
Updated: Jan 16, 2017 11:32 AM

Facebook owned WhatsApp, in early 2016, had announced the decision to implement end-to-end encryption for data transfered via texts or calls on its platform. But according to new reports, your chats may not be as secure as you trust them to be.

whatsapp, whatsapp news, whatsapp bug, whatsapp hack, whatsapp hackers, whatsapp encryption, encryption, end-to-end encryption, tech news, encryption hacking, facebook, whatsapp WhatsApp’s flaw questions the privacy of messages sent within the platform, all around the world. (Source: AP)

Facebook owned WhatsApp, in early 2016, had announced the decision to implement end-to-end encryption for data transfered via texts or calls on its platform. This move was well recieved by the industry as well as the consumer, because privacy and protection of data is of utmost importanct. But according to new reports, your chats may not be as secure as you trust them to be. According to The Guardian, security researcher Tobias Boelter from University of California, Berkeley has found out a backdoor in the messaging app which leaves your private texts and calls open to interceptions, which can be used by Facebook and the likes. However, WhatsApp has denied any such claims.

Meanwhile, security commentators have such vulnerabilities which have been found are nothing new. They have reportedly said that it is a age old problem of how key verification is implemented within an encrypted system. But the fact that the company denies such claims and using it as a backdoor even after informing, is a matter of concern. The expert was quoted in The Guardian as saying, “…maybe it was a bug first, but when discovered it got started being used as a backdoor.” Boelter also added, “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”

Also read | WhatsApp virus: Indian security forces in danger?

In the bug, the messaging app uses a protocol which generates keys for encryption which has an additional implementation for offline users which leaves many texts open to attacks. End-to-end encryption makes sure that chats can only be read by the sender and reciever and in no way can be used, found or read anywhere in the middle. So, when there is a forced update of the keys, the messages which were not delivered when offline also get re-encrypted and the app does not even ask you. This lets the company intercept it in the middle. There is still no way for users to block undelivered texts from being sent unprotected.

Also see:

Notably, the vulnerability does not let hackers get into your phone, rather, lets Facebook and WhatsApp read your messages. This is bad news because, ecryption has been one of the best selling points for WhatsApp. Meanwhile, Facebook has responded to the problem and said that the bud essentially enables prevention of messages from being lost in transit. Should you be worried? As of now, there does not seem to be any immediate threat, as it cannot be cost effective to use this bug for advertising by the company. But the bad news is government security agencies can use the data, which, for them can be a gold mine. So, if you want to avoid surveillance, its time you stop using the app.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1MeitY draft: PLI outlay for laptops, servers at Rs 7,500 crore
2E-retailers must scale up to become profitable
3TIME TO ACT: Business transformation needs a Business Cloud