WhatsApp Built Backdoor into its Encryption

WhatsApp, the Facebook-owned instant messaging app, features a security backdoor that allows the company to intercept and decrypt private messages sent through the platform, in flagrant contradiction of its previous stance that it employed end-to-end encryption. Although WhatsApp uses encryption developed by Open Whisper Systems, the company behind the end-to-end encrypted SMS app Signal, WhatsApp has built into its protocol the ability to generate new encryption keys for offline users, which then allows WhatsApp employees to access these messages.

The backdoor was found by University of California researcher Tobias Boelter, who reported the issue to Facebook last year. Facebook responded by assuring Boelter that the backdoor was “expected behaviour,” i.e. deliberate.

“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Boelter told The Guardian.

“WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform,” said Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, who verified Boelter’s findings.

“[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations,” Boelter added. “This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”
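The behaviour described above comes down to how the sending client treats messages that have no delivery receipt when the server announces a new key for the recipient. The sketch below is an added example, not WhatsApp's or Signal's code: it is a simplified model with hypothetical names and constructed messages, in which encryption is represented only by the key a message is sealed to. It compares automatic retransmission with a policy that holds messages until the user verifies the new key.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Toy sending client; a 'ciphertext' is just (key it is sealed to, text)."""
    blocking: bool       # True: hold unacknowledged messages until the user verifies
    trusted_key: str     # recipient identity key the client currently trusts
    unacked: list = field(default_factory=list)  # sent, no delivery receipt yet
    wire: list = field(default_factory=list)     # everything handed to the server
    alerts: list = field(default_factory=list)   # what the user is shown, in order

    def send(self, text):
        self.unacked.append(text)
        self.wire.append((self.trusted_key, text))

    def delivery_receipt(self, text):
        self.unacked.remove(text)

    def _resend(self, key):
        self.trusted_key = key
        self.wire.extend((key, text) for text in self.unacked)

    def key_changed(self, new_key):
        """The server announces a new identity key for the recipient."""
        if self.blocking:
            # Nothing is re-encrypted until user_verified() is called.
            self.alerts.append(f"key changed to {new_key}: verify before resending")
            return
        self._resend(new_key)  # retransmission happens first ...
        self.alerts.append(f"key changed to {new_key}")  # ... the notice comes after

    def user_verified(self, new_key):
        """User compared fingerprints out of band and accepted the new key."""
        self._resend(new_key)

def simulate(blocking):
    """Return the messages that end up sealed to a key the user never verified."""
    s = Sender(blocking=blocking, trusted_key="KEY_RECIPIENT")
    s.send("msg 1")
    s.delivery_receipt("msg 1")  # normal delivery
    s.send("msg 2")              # receipts withheld from here on
    s.send("msg 3")
    s.key_changed("KEY_UNVERIFIED")
    return [text for key, text in s.wire if key == "KEY_UNVERIFIED"]

if __name__ == "__main__":
    print("non-blocking:", simulate(False))
    print("blocking:    ", simulate(True))
```

In the non-blocking run every message without a delivery receipt is re-sealed to the unverified key before the user sees any notice; in the blocking run nothing is re-sealed until the user confirms the key.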

Boelter has made his findings public in the wake of the UK passing the most oppressive mass surveillance law in the history of democracy, the Investigatory Powers Act, which collects communications data for every resident of the country for up to twelve months.

Ashley Allen
