A security researcher has found a backdoor in the end-to-end encryption system used by the WhatsApp application. It seems that this vulnerability allows Facebook to read messages sent via this “secured” system, letting the company comply with court orders to make messages available to the government.
As a reminder, end-to-end encryption is supposed to ensure that not even the company operating the service can decrypt the messages that you send or receive. Unfortunately, this service seems to include a major security hole that will disappoint many users.
Tobias Boelter, a security researcher at the University of California, Berkeley, has discovered that WhatsApp is able to force a change of encryption key for offline users. In other words, any unsent message will then be transmitted with the new key. With the default application settings, neither the sender nor the recipient will know that someone has read their messages.
So yeah, this kind of “re-encryption” and rebroadcasting allows the developers of WhatsApp to intercept and read users’ messages. WhatsApp is based on the Signal protocol created by Open Whisper Systems, but strangely this vulnerability doesn’t exist in the Signal application, which raises the question of why the issue is present only in WhatsApp.
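The key-change handling described above can be modelled from the sender's side. The sketch below is an added example, not code from WhatsApp, Signal, or the researcher: it performs no real encryption and only records which key fingerprint each queued message would be encrypted to. The `Sender` class, the `blocking` policy and the key values are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    """Short key fingerprint that two users could compare out of band."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class Sender:
    blocking: bool            # True: hold unsent messages when the key changes
    notify: bool = False      # non-blocking client: optional after-the-fact notice
    trusted_fp: str = ""      # fingerprint accepted so far (trust on first use)
    pending: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def flush(self, recipient_key: bytes) -> list:
        """Server reports the recipient's current key; try to send the queue."""
        fp = fingerprint(recipient_key)
        if not self.trusted_fp:
            self.trusted_fp = fp
        if fp != self.trusted_fp:
            if self.blocking:
                self.log.append(f"HELD {len(self.pending)} message(s), new key {fp}")
                return []
            self.trusted_fp = fp              # new key accepted without asking
            if self.notify:
                self.log.append(f"NOTICE: key changed to {fp}")
        sent = [(fp, text) for text in self.pending]
        self.pending.clear()
        return sent

    def verify(self, recipient_key: bytes) -> None:
        """User compared fingerprints out of band and accepts the new key."""
        self.trusted_fp = fingerprint(recipient_key)

def scenario(sender: Sender) -> list:
    """Constructed run: first message delivered, second queued, key then replaced."""
    original, replaced = b"constructed-key-A", b"constructed-key-B"
    sender.pending.append("hello")
    sender.flush(original)                    # delivered under the original key
    sender.pending.append("unsent while recipient offline")
    return sender.flush(replaced)             # server now presents a different key

if __name__ == "__main__":
    for s in (Sender(blocking=False), Sender(blocking=False, notify=True), Sender(blocking=True)):
        print(scenario(s), s.log)
```

With `blocking=False` and the default `notify=False`, the queued message goes out under the replaced key and the log stays empty; with `blocking=True` it stays in the queue until `verify()` is called.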
This is surely a big problem, as WhatsApp ran a campaign stating that end-to-end encryption would not allow it to access users’ messages. If WhatsApp is now able to view conversations between users, this means that the government will be able to ask for any message sent by a specific user.
What are your thoughts about WhatsApp’s end-to-end encryption feature? Do you feel safe talking about anything on WhatsApp without worrying that the government will want to read your messages?