The latest trend in messaging apps is end-to-end encryption. It ensures that messages are secure and can be read only by the people they are intended for. End-to-end encryption relies on specific generated keys, and WhatsApp has claimed that the app offers this security. However, the Guardian newspaper reported that WhatsApp messages are not totally secure. This means that the app's claim that “even our staff can’t intercept messages” is not true, and the app is vulnerable.
The claim is that a loophole in WhatsApp could allow Facebook and any other service to read users' WhatsApp messages. The way end-to-end encryption has been implemented in the app allows Facebook and other apps to read the messages. This is a huge threat to freedom of speech. A vulnerability of this sort can be used by government agencies as a backdoor to keep an eye on users who believe that their messages are secure. The app is trusted by many, including activists, diplomats and other privacy-concerned users. A lot of people believe that their texts are safe and secure. After all, the app has boasted of its security as its unique selling point.
Key encryption can still let the government snoop on your WhatsApp messages
The breakdown of this security threat relies on real-time key generation. End-to-end encryption is founded on unique security codes that are generated in real time. The security keys are generated through the renowned “Signal protocol”, which was developed by Open Whisper Systems. Messages sent through WhatsApp are encrypted using the Signal protocol security keys, which makes sure that the texts aren’t intercepted while travelling over the network.
Now, the tiny hack that came forward in the research shows that WhatsApp can force the generation of new encryption keys for offline users. The change in encryption keys makes the sender re-encrypt the texts with the new keys. Messages that have not been marked as delivered are then sent again. The one receiving the messages is not aware of the change in encryption keys. The sender is notified of the change only if they have opted in to the encryption warning in their settings (which we don’t do), and even then they are notified only after the texts have been sent.
This rebroadcasting and re-encryption allows WhatsApp to intercept and read user texts. WhatsApp messages are fully under the app's control through its encryption keys. If it is forced to by a government or by in-house policies, it can read messages. Worse, other agencies can read them as well. When the issue was brought to light, the company said that it does not give anyone permission to read messages through this backdoor. It would also fight any system or government that requests entry through the backdoor.
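The key-change behaviour described above, modelled as an added Python example (not WhatsApp's or the article's code). It uses no real cryptography: the key labels, the `Sender` class and the `hold_on_key_change` policy are assumptions made for illustration, the last being a stricter alternative the article does not describe.

```python
# Toy model of the sender's client. "Keys" are constructed labels; the wire
# list only records which key each outgoing message was encrypted to.
from dataclasses import dataclass, field

@dataclass
class Sender:
    recipient_key: str                 # key the sender currently trusts
    show_security_notifications: bool  # the opt-in warning setting
    hold_on_key_change: bool = False   # hypothetical stricter policy (assumption)
    undelivered: list = field(default_factory=list)
    held: list = field(default_factory=list)
    wire: list = field(default_factory=list)      # (key_used, plaintext) pairs sent
    warnings: list = field(default_factory=list)  # what the user gets to see

    def send(self, text):
        self.wire.append((self.recipient_key, text))
        self.undelivered.append(text)

    def mark_delivered(self, text):
        self.undelivered.remove(text)

    def on_key_change(self, new_key):
        """The server announces a new key for the (offline) recipient."""
        pending, self.undelivered = self.undelivered, []
        if self.hold_on_key_change:
            # Stricter policy: nothing leaves until the user verifies the key.
            self.held.extend(pending)
            self.warnings.append(f"key changed to {new_key}; {len(pending)} message(s) held")
            return
        self.recipient_key = new_key
        for text in pending:
            self.send(text)            # re-encrypted to the new key, sent again
        if self.show_security_notifications:
            # The warning is recorded only after the resend has happened.
            self.warnings.append(f"key changed to {new_key}")

def run(notifications, hold=False):
    s = Sender("key-A", notifications, hold)
    s.send("hello"); s.mark_delivered("hello")   # delivered, never resent
    s.send("meet at 6")                          # recipient offline, undelivered
    s.on_key_change("key-B")
    resent = [t for k, t in s.wire if k == "key-B"]
    return resent, s.warnings, s.held

if __name__ == "__main__":
    for args in [(False,), (True,), (True, True)]:
        print(args, run(*args))
```

In both default runs the undelivered message goes out under the new key; the notification setting only decides whether the sender learns of it afterwards.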