WhatsApp vulnerable to snooping?

LONDON, United Kingdom (AFP) — The Facebook-owned mobile messaging service WhatsApp is vulnerable to interception, the Guardian newspaper reported on Friday, sparking concern over an app advertised as putting an emphasis on privacy.

The report said that WhatsApp messages could be read without its billion-plus users knowing due to a security backdoor in the way the company has implemented its end-to-end encryption protocol.

The system relies on unique security keys “that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman,” the report said.

But WhatsApp can force the generation of new encryption keys for offline users “unbeknown to the sender and recipient of the messages”, it said.

Tobias Boelter, a cryptography researcher at the University of California, told the Guardian: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”

Boelter said he had reported the backdoor vulnerability to Facebook in April 2016 and was told that Facebook was already aware of the issue but that it was not actively being worked on.

The company said in a statement that it provided a “simple, fast, reliable, and secure” service.

It said there was a way of notifying users when a contact’s security code had changed.

“We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp…. In these situations, we want to make sure people’s messages are delivered, not lost in transit,” it said in a statement.

But the Guardian said it had verified that the security backdoor still exists.

The paper quoted Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, as saying: “WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform”.

Facebook bought WhatsApp in 2014 but it continues to operate as a separate app.
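
The re-send behaviour described in the report, modelled as an added example (not WhatsApp's code and not part of the AFP report): a sender that re-sends undelivered messages under a newly announced key and notifies afterwards, beside one that holds them until the user has verified the new security code. The `Sender` class, the `block_on_key_change` switch and the sample keys are assumptions, and encryption is represented only by recording which key fingerprint each message was sent under.

```python
import hashlib
from dataclasses import dataclass, field

OLD_KEY = b"constructed-key-bob-phone-1"      # constructed sample values
NEW_KEY = b"constructed-key-announced-later"

def fingerprint(public_key: bytes) -> str:
    """Short digest two users could compare out of band (a 'security code')."""
    return hashlib.sha256(public_key).hexdigest()[:16]

@dataclass
class Sender:
    block_on_key_change: bool                      # hypothetical policy switch
    pinned: dict = field(default_factory=dict)     # contact -> fingerprint in use
    pending: dict = field(default_factory=dict)    # contact -> undelivered texts
    wire: list = field(default_factory=list)       # (contact, key fingerprint, text)
    notices: list = field(default_factory=list)    # what the user is shown

    def send(self, contact, text, delivered):
        self.wire.append((contact, self.pinned[contact], text))
        if not delivered:                          # recipient offline: keep a copy
            self.pending.setdefault(contact, []).append(text)

    def flush(self, contact, new_fp):
        self.pinned[contact] = new_fp
        for text in self.pending.pop(contact, []):
            self.wire.append((contact, new_fp, text))   # re-sent under the new key

    def on_new_key(self, contact, new_key):
        """The server announces a different key for `contact`."""
        new_fp = fingerprint(new_key)
        if new_fp == self.pinned.get(contact):
            return
        if self.block_on_key_change:
            self.notices.append(f"{contact}: key changed to {new_fp}; verify before re-sending")
            return                                 # queue untouched until approve()
        self.flush(contact, new_fp)                # re-send first ...
        self.notices.append(f"{contact}: security code changed to {new_fp}")  # ... notify after

    def approve(self, contact, new_key):
        self.flush(contact, fingerprint(new_key))  # user compared codes out of band

def run(block):
    alice = Sender(block_on_key_change=block)
    alice.pinned["bob"] = fingerprint(OLD_KEY)     # key seen when the chat started
    alice.send("bob", "meet at 9", delivered=False)    # Bob is offline
    alice.on_new_key("bob", NEW_KEY)
    return alice
```

In the non-blocking run the same plaintext ends up sent under both keys before the notice exists; in the blocking run it stays queued until `approve()` is called.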

11 Comments

  1. Anonymous
    January 15, 2017 at 10:10 am

    Interesting read

  2. Anonymous
    January 15, 2017 at 11:43 am

    You should use Signal messenger. End to end encryption and the company is not in cahoots with any Government. Its owner is a die-hard privacy nut.

  3. Anonymous
    January 15, 2017 at 2:09 pm

    While I’m not recommending WhatsApp, I would appreciate reports like this checking the facts before regurgitating false news. https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
    That is an article by Open Whisper Systems (creator of Signal) explaining that the researcher doesn’t understand what he’s talking about.

    1. Anonymous
      January 16, 2017 at 12:00 am

      It is possible:

      The supposed “backdoor” the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone’s encrypted messages…

    2. Anonymous
      January 16, 2017 at 12:03 am

      This is a backdoor, plain and simple. Facebook, which owns WhatsApp, can read your message despite encryption. Facebook has no hesitation in violating users’ privacy and is part of the NSA spying ring. PRISM, anyone? I would strongly suggest any and everyone to stop using WhatsApp. All those big companies, Apple, Google, Microsoft, Facebook are in bed with the NSA and other spy agencies around the world. Use Signal if you care about your privacy online.

  4. 798798798
    January 15, 2017 at 4:46 pm

    You should check out the CyberDust app. It was developed by a company belonging to Mark Cuban. Because he has had his run-ins with the US government, he has done his best to make it secure and keep the government out of it. It’s like SnapChat but much more secure and also, it doesn’t keep any records or user communications.

  5. The Crow
    January 15, 2017 at 6:38 pm

    I do understand that we have our preferences when it comes to communication apps and programs. We talk about this program is vulnerable and this one isn’t. But can we truly know which is totally secure? In my mind, none are secure. And with this premise, I do not transmit essential or private information over any.

    1. Anonymous
      January 16, 2017 at 8:09 am

      Agreed. Once that information is digital it can last forever and it can be hacked.

  6. Anonymous
    January 15, 2017 at 9:12 pm

    Any feedback on Viber!!

  7. Anon1
    January 16, 2017 at 9:03 am

    Regardless of what social media app you use, ALL are vulnerable to snooping, ALL.

    1. Anonymous
      January 16, 2017 at 10:43 am

      That’s what these idiots don’t know…ALL!!!
