WhatsApp messages, which the company had claimed were so secure that even its staff couldn’t intercept them, aren’t secure, the Guardian newspaper reported today.
The paper said that there is a loophole in WhatsApp that could allow Facebook and others to intercept and read your WhatsApp messages.
Citing new research, the paper said that Facebook or others could read WhatsApp messages because of the way WhatsApp has implemented its end-to-end encryption.
The paper said that these new findings mean a “huge threat to freedom of speech” and that this vulnerability could be used by government agencies as a backdoor to keep an eye on users who believe their WhatsApp messages to be secure.
WhatsApp has always touted its security as a top selling point and was used by a majority of activists, diplomats and other privacy-conscious users, who considered it a safe and secure platform.
Here’s What Can Trigger the Interception:
WhatsApp’s end-to-end encryption relies on unique security keys that are generated in real time. These security keys are generated through the well-known Signal protocol, developed by Open Whisper Systems.
WhatsApp messages are encrypted with these security keys so that the communication cannot be intercepted while it is travelling over the network.
However, according to this new research, WhatsApp can force-generate new encryption keys for offline users.
This change in encryption keys makes the sender re-encrypt messages with the new keys and re-send any messages that were not marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted in to encryption warnings in settings, and only after the messages have been re-sent.
This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.
This essentially means that WhatsApp has control over the encryption keys and, if it is forced to by a government or by in-house policies, it could read user messages or, even worse, let anyone read them.
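The order of events described above, modelled as an added example (not WhatsApp's code and not code from the research): a toy sender client that compares the re-send-then-notify behaviour with an assumed blocking policy that holds undelivered messages until the user has verified the new key. The class, method and key names are hypothetical, and key ids stand in for real key material.

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    """Toy model of a sender's client; key ids stand in for real key material."""
    blocking: bool                 # assumed hardened policy: hold messages until the user verifies
    notify: bool = False           # the opt-in encryption warning setting
    recipient_key: str = "key-A"   # constructed key id
    undelivered: list = field(default_factory=list)
    held: list = field(default_factory=list)
    wire: list = field(default_factory=list)     # (key id, plaintext) encrypted and sent
    alerts: list = field(default_factory=list)

    def send(self, text):
        self.wire.append((self.recipient_key, text))
        self.undelivered.append(text)

    def mark_delivered(self, text):
        self.undelivered.remove(text)

    def on_key_change(self, new_key):
        """The server announces a new key for the (offline) recipient."""
        self.recipient_key = new_key
        if self.blocking:
            # Nothing leaves the device until the user has checked the new key.
            self.held, self.undelivered = self.undelivered, []
            self.alerts.append(f"verify {new_key} before sending")
            return
        # Behaviour described in the article: re-encrypt and re-send first...
        for text in self.undelivered:
            self.wire.append((new_key, text))
        # ...and tell the sender afterwards, only if they opted in.
        if self.notify:
            self.alerts.append(f"security code changed to {new_key}")

    def user_verified(self):
        """Blocking policy only: release held messages to the verified key."""
        for text in self.held:
            self.wire.append((self.recipient_key, text))
        self.undelivered, self.held = self.held, []


def sent_before_alert(blocking, notify):
    """Return (messages encrypted to the unverified new key, alerts shown)."""
    c = SenderClient(blocking=blocking, notify=notify)
    c.send("hello")
    c.mark_delivered("hello")
    c.send("meet at 9")            # recipient offline: stays undelivered
    c.on_key_change("key-B")
    return [t for k, t in c.wire if k == "key-B"], c.alerts
```

With the non-blocking policy the undelivered message is already encrypted to the new key whether or not a warning is shown; with the blocking policy nothing is sent to that key until `user_verified()` is called.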
WhatsApp, in response to the report, said that it does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.