News

WhatsApp Built Backdoor into its Encryption

WhatsApp, the Facebook-owned instant messaging app, features a security backdoor that allows the company to intercept and decrypt private messages sent through the platform, in flagrant contradiction of its previous stance that it employed end-to-end encryption. While WhatsApp uses encryption developed by Open Whisper Systems, the company behind end-to-end encryption SMS app Signal, the company has built in a protocol that allows the ability to generate new encryption keys for offline users, which then allows WhatsApp employees to access these messages.

The backdoor was found by University of California researcher Tobias Boelter, who reported the issue to Facebook last year. Facebook responded by assuring Boelter that the backdoor was “expected behaviour,” i.e. deliberate.

“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Boelter told The Guardian.

“WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform,” said Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, who verified Boelter’s findings.

“[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations,” Boelter added. “This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”

Boelter has made his findings public in the wake of the UK passing the most oppressive mass surveillance law in the history of democracy, the Investigatory Powers Act, which collects communications data for every resident of the country for up to twelve months.

Ashley Allen

Disqus Comments Loading...

Recent Posts

Still Wakes the Deep 

LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…

1 hour ago

PHILIPS 275V8LA – 27 Inch QHD Monitor

The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…

1 hour ago

EPOMAKER Ajazz AK820 Pro 75% Gasket-mounted Mechanical Keyboard 

【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…

1 hour ago

Funko Fusion

FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…

1 hour ago

Shin Megami Tensei V: Vengeance Standard Edition

The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…

1 hour ago

Hand Warmers Rechargeable 2 Pack

【Unique Split Design】5200mAh hand warmers rechargeable together with double-sided heating function, split snap swivel design,…

1 hour ago