WhatsApp, the Facebook-owned instant messaging app, features a security backdoor that allows the company to intercept and decrypt private messages sent through the platform, in flagrant contradiction of its previous stance that it employed end-to-end encryption. While WhatsApp uses encryption developed by Open Whisper Systems, the company behind end-to-end encryption SMS app Signal, the company has built in a protocol that allows the ability to generate new encryption keys for offline users, which then allows WhatsApp employees to access these messages.
The backdoor was found by University of California researcher Tobias Boelter, who reported the issue to Facebook last year. Facebook responded by assuring Boelter that the backdoor was “expected behaviour,” i.e. deliberate.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Boelter told The Guardian.
“WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform,” said Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, who verified Boelter’s findings.
“[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations,” Boelter added. “This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”
Boelter has made his findings public in the wake of the UK passing the most oppressive mass surveillance law in the history of democracy, the Investigatory Powers Act, which collects communications data for every resident of the country for up to twelve months.
According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…
A new AMD processor in the form of an engineering model has been leaked in…
SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…