Sharing is caring!

A few days ago there were made serious accusations, but WhatsApp denied leaving a backdoor for the government to have access to user’s conversations. It is known that this application has introduced end-to-end encryption, a feature that makes sure that only the sender and the recipient can read messages, but Edward Snowden has revealed that people all over the world are surveilled by the US Government and its allies.

E2EE (end-to-end encryption) was introduced in November 2014 using Signal protocol, and Snowden has assured that it’s safe for communication, but recently, the Guardian newspaper claimed that the application has a backdoor and users’ conversations are exposed to potential snooping. The newspaper has accused WhatsApp that it’s aware of a vulnerability related to the way the application handles a change of encryption key and that users are not notified when the encryption key has been changed. In addition, if users are offline and they receive messages, they are automatically re-encrypted with the new key, then they’re being resent.

The problem is that hackers could take control of a WhatsApp server and make changes to the encryption key, then install itself as a relay point. This way, they could intercept and read re-encrypted messages – those that have been resent. And if users don’t turn on the key change notifications, they don’t even know that their messages are being exposed.

On the other hand, the Signal app notifies users when there are made encryption key, but messages are not automatically re-encrypted and resent. In WhatsApp’s case, the Government could force WhatsApp to disclose messaging records and the company would grant access. Tobias Boelter, cryptography and security researcher at the University of California, from Berkeley, claims that WhatsApp hasn’t fixed the issue that was “expected behavior”, but in short time after the report was published by Guardian, the company has issued a statement and said that “WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.”