Categories: News

WhatsApp’s reported vulnerability is actually a security feature

The reported “back door” which can give access to others to intercept WhatsApp messages is not a vulnerability but a security feature of encryption from WhatsApp.

The Guardian’s report on the backdoor which can allow Facebook and others to intercept and read encrypted messages spooked everyone yesterday. The issue was the inability of users to understand why encryption key changes itself whenever someone switches phone, changes one’s phone number or re-installs the app.

The Guardian reported this change of encryption key to be a security loophole which can give others and government access to users’ messages and information.

WhatsApp statement

WhatsApp responded that it is not a security loophole and it’s very disappointing how Guardian misled users. This is actually how the cryptography works. The statement reads,

“WhatsApp’s encryption uses Signal Protocol, as detailed in the technical whitepaper. In systems that deploy Signal Protocol, each client is cryptographically identified by a key pair composed of a public key and a private key. The public key is advertised publicly, through the server, while the private key remains private on the user’s device.

This identity key pair is bound into the encrypted channel that’s established between two parties when they exchange messages, and is exposed through the “safety number” (aka “security code” in WhatsApp) that participants can check to verify the privacy of their communication.

Most end-to-end encrypted communication systems have something that resembles this type of verification, because otherwise an attacker who compromised the server could lie about a user’s public key, and instead advertise a key which the attacker knows the corresponding private key for. This is called a “man in the middle” attack, or MITM, and is endemic to public key cryptography, not just WhatsApp.

WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.”

WhatsApp users should turn on security notifications by accessing Settings > Account > Security to avoid any security risk.

Sponsored
Maheen Kanwal

Maheen Kanwal is a Tech Journalist at TechJuice. She covers the latest technological, telecom and business related, local & global news. (Reach at maheen@techjuice.pk)

Share
Published by
Maheen Kanwal

Recent Posts

Rs158 Billion Spent on Importing Mobile Phones to Pakistan in the Last Five Months

According to data from the Pakistan Bureau of Statistics (PBS), Pakistan imported mobile phones worth…

45 mins ago

EU Concerns Over Pakistan’s Military Court Sentences May Impact GSP+ Trade Benefits

The European Union (EU) has expressed concern over the recent convictions of 25 civilians by…

1 hour ago

SBP Announces December 25 as a Bank Holiday

The State Bank of Pakistan (SBP) has officially declared Wednesday, December 25, 2024, as a…

2 hours ago

Greentree Holdings Ltd Aims for 35% Stake in TRG Pakistan

AKD Securities, the manager of the offer, informed the main stock exchange on Monday that…

2 hours ago

PTV Faces Criticism Over Misleading Chemotherapy Statements

ISLAMABAD: On Pakistan Television (PTV), medical experts raised serious concerns over false information on chemotherapy…

3 hours ago

OpenAI Rolls Out Advanced Voice Mode for macOS ChatGPT App

OpenAI has introduced Advanced Voice Mode to ChatGPT's desktop applications for macOS apps, enabling users…

3 hours ago