
WhatsApp’s reported vulnerability is actually a security feature

The reported “back door” said to let others intercept WhatsApp messages is not a vulnerability but a security feature of WhatsApp’s encryption.

The Guardian’s report on a backdoor that can allow Facebook and others to intercept and read encrypted messages spooked everyone yesterday. The issue was that users did not understand why the encryption key changes whenever someone switches phones, changes their phone number or re-installs the app.

The Guardian reported this change of encryption key as a security loophole that can give governments and others access to users’ messages and information.

WhatsApp statement

WhatsApp responded that it is not a security loophole and that it is very disappointing how the Guardian misled users. This is actually how the cryptography works. The statement reads:

“WhatsApp’s encryption uses Signal Protocol, as detailed in the technical whitepaper. In systems that deploy Signal Protocol, each client is cryptographically identified by a key pair composed of a public key and a private key. The public key is advertised publicly, through the server, while the private key remains private on the user’s device.

This identity key pair is bound into the encrypted channel that’s established between two parties when they exchange messages, and is exposed through the “safety number” (aka “security code” in WhatsApp) that participants can check to verify the privacy of their communication.

Most end-to-end encrypted communication systems have something that resembles this type of verification, because otherwise an attacker who compromised the server could lie about a user’s public key, and instead advertise a key which the attacker knows the corresponding private key for. This is called a “man in the middle” attack, or MITM, and is endemic to public key cryptography, not just WhatsApp.

WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.”

WhatsApp users should turn on security notifications by accessing Settings > Account > Security to avoid any security risk.
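The following sketch is an example added here, not WhatsApp's or Signal's code. It shows how a client can pin the identity key a server advertises, derive a security code from both parties' keys, and raise a notification when the key changes. The fingerprint derivation is a simplified assumption, and `ContactKeyStore`, `fingerprint` and `security_code` are hypothetical names.

```python
import hashlib
import hmac

def fingerprint(identity_public_key: bytes) -> str:
    """30 decimal digits derived from one identity public key (simplified)."""
    digest = hashlib.sha512(identity_public_key).digest()
    return "".join(
        f"{int.from_bytes(digest[i:i + 5], 'big') % 100000:05d}"
        for i in range(0, 30, 5)
    )

def security_code(key_a: bytes, key_b: bytes) -> str:
    """60-digit code both parties compute; sorting makes it order-independent."""
    digits = "".join(sorted([fingerprint(key_a), fingerprint(key_b)]))
    return " ".join(digits[i:i + 5] for i in range(0, 60, 5))

class ContactKeyStore:
    """Trust-on-first-use store of the identity keys the server advertised."""

    def __init__(self, my_public_key: bytes, notifications_enabled: bool):
        self.my_public_key = my_public_key
        self.notifications_enabled = notifications_enabled
        self.pinned = {}

    def observe(self, contact: str, advertised_key: bytes):
        """Record the advertised key; return (status, notice or None)."""
        previous = self.pinned.get(contact)
        self.pinned[contact] = advertised_key
        if previous is None:
            return "first_seen", None
        if hmac.compare_digest(previous, advertised_key):
            return "unchanged", None
        # A reinstall and a key substituted by the server look identical here;
        # only comparing the security code out of band tells them apart.
        notice = None
        if self.notifications_enabled:
            code = security_code(self.my_public_key, advertised_key)
            notice = f"Security code with {contact} changed. Verify: {code}"
        return "changed", notice

# Constructed 32-byte stand-ins for identity public keys (not real keys).
ALICE = hashlib.sha256(b"constructed-alice").digest()
BOB_OLD = hashlib.sha256(b"constructed-bob-phone-1").digest()
BOB_NEW = hashlib.sha256(b"constructed-bob-phone-2").digest()

if __name__ == "__main__":
    store = ContactKeyStore(ALICE, notifications_enabled=True)
    for key in (BOB_OLD, BOB_OLD, BOB_NEW):
        print(store.observe("bob", key))
```

With notifications disabled the key change is still recorded, but the user is never prompted to re-verify the code.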

Maheen Kanwal

Maheen Kanwal is a Tech Journalist at TechJuice. She covers the latest technological, telecom and business related, local & global news. (Reach at maheen@techjuice.pk)
