WhatsApp Denies “Backdoor” Claim That Might Allow Snooping On Encrypted Messages: The Guardian reported a security vulnerability in Facebook-owned WhatsApp’s as ‘backdoor’ that could allow interception of the messages. Which means anyone including government can read your messages without you even knowing about it. Which is why their headline- “WhatsApp backdoor allows snooping on encrypted messages.” created an alarming situation.
But the encrypted messaging app owners have denied the claims calling it a false allegation.
They also mentioned that the issue was first notified by a researcher named Tobias Boelter in April 2016 and when he reported the same to Facebook then he was told that it was an ‘expected behavior’. Facebook didn’t pay attention to resolve the issue at that time and now the newspaper confirmed that the vulnerability still exists in the encrypted messaging app.
WhatsApp Denies “Backdoor” Claim That Might Allow Snooping On Encrypted Messages
WhatsApp has been the most famous platform for chatting and sharing comon data and security experts also praise it for the end to end encryption, which they rolled out last year in April 2016. The vulnerability was identified by Boelter and then reported on by The Guardian which creates a concern the way WhatsApp’s Signal implementation is done that allows the generation of a new encryption key for offline users. Boelter called it “retransmission vulnerability” and claimed it to be the route for message interception and read. Which leads to a potential backdoor in WhatsApp’s e2e encryption.
However, WhatsApp denied the characterization as the “backdoor” saying it was a part of design relating to the generation of a new encryption key to ensure message delivery so they don’t get lost when the user is offline.
“The Guardian’s story on an alleged “backdoor” in WhatsApp is false. WhatsApp does not give governments a “backdoor” into its systems. WhatsApp would fight any government request to create a backdoor.
Since April 2016, WhatsApp messages and calls are end-to-end encrypted by default. WhatsApp also offers people a security notifications feature that alerts them when people change keys so that they can verify who they are communicating with.
‘Like everything else in WhatsApp, it’s designed to be simple. We built end-to-end encryption with encryption as the default so not a single one of our 1 billion users has to turn on encryption. This is also true for people who delete and re-install WhatsApp or for those who change their phones. For some people, this can be a frequent occurrence as people manage data charges and phone storage, or share devices with family members.
We want to make sure that people in these situations do not lose access to messages sent to them while they are in the midst of reinstalling the app or changing their phones. Because a person’s encryption key is changed when WhatsApp is installed on a new phone or re-installed on an old device, we make sure those messages can eventually be read using the new key.
You can choose to be notified using the “Show Security Notifications” setting. When you have turned this setting on, WhatsApp will notify you every time the person you’re communicating with changes a key.
Of course, if you are concerned that you’re communicating with someone who isn’t who they say they are, there are things you can do. If you have “Show Security Notifications” enabled and receive a notification of a key change, send an initial message and wait for the blue checkmarks. You can then verify using a QR code or by comparing a 60-digit number.
WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.
We appreciate the interest people have in the security of their messages and calls on WhatsApp. We will continue to set the record straight in the face of baseless accusations about “backdoors” and help people understand how we’ve built WhatsApp with critical security features at such a large scale.
Most importantly, we’ll continue investing in technology and building simple features that help protect the privacy and security of messages and calls on WhatsApp.”