TechViews News …..
The recently discovered WhatsApp vulnerability is being proclaimed as a ‘huge threat to freedom of speech’. A security backdoor that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its messaging service.
New research shows that Facebook, it’s advertisers, as well as government agencies could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.
That means that if you are using WhatsApp with the intention of having private, encrypted messages, you’re out of luck.
WhatsApp’s end-to-end encryption relies on the generation of unique security keys that are traded and verified between users to guarantee communications are supposedly secure and cannot be intercepted by a middleman. But new research shows that WhatsApp isn’t secure at all.
WhatsApp has the ability to force new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender attempt to resend messages with new keys, unencrypted, for any messages that have not been marked as delivered. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.
The security backdoor was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley.
Boelter reported the backdoor vulnerability to Facebook in April 2016, but was told that Facebook was aware of the issue, and wasn’t being actively worked on it.
Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, verified Boelter’s findings. He said: “WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform.”
The vulnerability calls into question the privacy of messages sent across the service, which is used around the world, including by people living in oppressive regimes.
Professor Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance and Privacy, called the existence of a backdoor within WhatsApp’s encryption “a gold mine for security agencies” and “a huge betrayal of user trust”. She added: “It is a huge threat to freedom of speech, for it to be able to look at what you’re saying if it wants to.:”
“Uninformed consumers will say, I’ve got nothing to hide, but you don’t know what information is looked for and what connections are being made.”
Jim Killock, executive director of Open Rights Group, said: “If companies claim to offer end-to-end encryption, they should come clean if it is found to be compromised – whether through deliberately installed backdoors or security flaws.”
Be Safe – Backup Your Data Regularly!
Tell us what you think in the space below. And please Subscribe (for free) on the right panel to receive our weekly newsletter, along with article updates as soon as they are published.