Categories: News

WhatsApp’s reported vulnerability is actually a security feature

The reported “back door” which can give access to others to intercept WhatsApp messages is not a vulnerability but a security feature of encryption from WhatsApp.

The Guardian’s report on the backdoor which can allow Facebook and others to intercept and read encrypted messages spooked everyone yesterday. The issue was the inability of users to understand why encryption key changes itself whenever someone switches phone, changes one’s phone number or re-installs the app.

The Guardian reported this change of encryption key to be a security loophole which can give others and government access to users’ messages and information.

WhatsApp statement

WhatsApp responded that it is not a security loophole and it’s very disappointing how Guardian misled users. This is actually how the cryptography works. The statement reads,

“WhatsApp’s encryption uses Signal Protocol, as detailed in the technical whitepaper. In systems that deploy Signal Protocol, each client is cryptographically identified by a key pair composed of a public key and a private key. The public key is advertised publicly, through the server, while the private key remains private on the user’s device.

This identity key pair is bound into the encrypted channel that’s established between two parties when they exchange messages, and is exposed through the “safety number” (aka “security code” in WhatsApp) that participants can check to verify the privacy of their communication.

Most end-to-end encrypted communication systems have something that resembles this type of verification, because otherwise an attacker who compromised the server could lie about a user’s public key, and instead advertise a key which the attacker knows the corresponding private key for. This is called a “man in the middle” attack, or MITM, and is endemic to public key cryptography, not just WhatsApp.

WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.”

WhatsApp users should turn on security notifications by accessing Settings > Account > Security to avoid any security risk.

Sponsored
Maheen Kanwal

Maheen Kanwal is a Tech Journalist at TechJuice. She covers the latest technological, telecom and business related, local & global news. (Reach at maheen@techjuice.pk)

Share
Published by
Maheen Kanwal

Recent Posts

Teachers Can Now Access OpenAI’s Free AI Course

OpenAI, in collaboration with nonprofit organization Common Sense Media, announced on Wednesday the launch of…

54 mins ago

WhatsApp-Inspired Updates Under Testing in Google Messages

Google is exploring a revamped image-sharing interface in its Messages app, taking cues from WhatsApp…

1 hour ago

Create AI Video Backgrounds with YouTube Shorts’ Dream Screen

When it comes to online video streaming, YouTube is among the most well-known options. Every…

1 hour ago

Telecom Operators to Automatically Restore SIMs for Tax Filers

The Federal Board of Revenue (FBR) has introduced a comprehensive mechanism for blocking and unblocking…

3 hours ago

Trump’s Influence Fuels Bitcoin to Cross $100,000

Bitcoin broke the $100,000 mark for the first time on Thursday, driven by Trump's crypto-friendly…

3 hours ago

PSX Hits New Heights, Surges by 1,800 Points to Cross 97,000

On Thursday, the Pakistan Stock Exchange (PSX) 100 Index surged by 1,781.94 points, or 1.86%,…

4 hours ago