How WhatsApp vulnerability allows snooping on encrypted messages, and why it may be a big deal

Security researcher who discovered problem says if WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to change in security keys

WhatsApp’s security may be compromised.

A security vulnerability that can be used to allow Facebook users and others to intercept and read encrypted messages has been found in its WhatsApp messaging service.

Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.

Privacy campaigners said the vulnerability is a “huge threat to freedom of speech” and warned it could be used by government agencies as a back door to snoop on users who believe their messages to be secure.

WhatsApp has made privacy and security a primary selling point, and has become a go-to communications tool of activists, dissidents and diplomats.

WhatsApp’s end-to-end encryption uses the acclaimed Signal protocol, developed by Open Whisper Systems. It relies on the generation of unique security keys that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a third party.
