24 January 2017
UPDATE (January 14, 2017)
Yesterday, we heard claims that the popular messaging app WhatsApp has a "backdoor" that governments could use to intercept messages. However, WhatsApp and Facebook have denied the claims, saying that the behaviour is a design decision relating to message delivery, with new keys generated for offline users to ensure messages don't get lost in transit. Facebook wrote,
WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.
WhatsApp is one of the most secure messaging apps, as no one can access its messages. However, it seems that there is a backdoor that allows WhatsApp messages to be disclosed.
When it turned on the end-to-end encryption protocol for WhatsApp messages last year, Facebook claimed that no one could intercept them. It further stated that not even the company and its staff could read the messages, ensuring privacy for its billion-plus users. However, security researchers have discovered a security flaw in WhatsApp that can be used by Facebook and others to intercept the messages. The information can further be used by government agencies to snoop on users who believe their messages to be secure.
The report, published in The Guardian, is based on the findings of security researcher Tobias Boelter, who said:
"If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys"
Tobias Boelter further stated that he had already warned Facebook about the security flaw last year. The company, at that time, said that it was looking into the issue and would soon fix it. He also stated that:
“[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations. This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”