The rollout of default encryption to all WhatsApp users worldwide came hot on the heels of the U.S. government's court battle with Apple over the hacking of a terror suspect's iPhone. Apple stuck to its guns that it would not infringe on users' privacy, and it later emerged that the U.S. government was somehow able to break the encryption.
The availability of encryption to all WhatsApp users came in an almost too timely manner. No doubt the messaging app won over more users during that season, with the ongoing case serving as free publicity for its new feature.
However, it is now emerging that WhatsApp might not be as secure as users think. There is actually a backdoor, which Facebook (the owner of WhatsApp) could use to intercept and read users' so-called encrypted messages. If Facebook can read your messages, then governments and any other third parties with enough resources and will can do so too.
This revelation came from Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. Boelter revealed that Facebook can in fact read messages you send on WhatsApp because of the way the end-to-end encryption protocol is implemented on WhatsApp.
At the onset of the encryption feature, WhatsApp made it the selling point of its messaging app. It appealed to the needs of users cautious about their online privacy and security. With this news, it would not be inappropriate to say WhatsApp duped users into flocking to its platform in the belief that their online privacy and security were guaranteed.
Privacy campaigners are saying this supposed vulnerability is a “huge threat to freedom of speech”. The Guardian explains it as follows:
“WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.”
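The difference between resending automatically and holding messages until the new key is verified can be seen in a small model. This is an added example, not WhatsApp or Signal code: the `Sender` class, the `block_on_key_change` switch and the key names `K_old` and `K_new` are hypothetical, and "encryption" only records which key a message was sent under.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    block_on_key_change: bool          # hypothetical policy switch
    trusted_key: str                   # recipient key the sender currently trusts
    pending_key: str = ""              # announced key awaiting verification
    undelivered: list = field(default_factory=list)  # not yet marked delivered
    wire: list = field(default_factory=list)         # (key, plaintext) pairs sent
    warnings: list = field(default_factory=list)

    def send(self, text):
        self.undelivered.append(text)
        self.wire.append((self.trusted_key, text))

    def _resend(self, key):
        # Re-encrypt every undelivered message under the given key.
        self.trusted_key = key
        self.wire.extend((key, t) for t in self.undelivered)

    def on_key_change(self, new_key):
        # The server announces a new key for the recipient.
        if self.block_on_key_change:
            self.pending_key = new_key   # hold messages until the user verifies
            self.warnings.append("key changed: verify before resending")
        else:
            self._resend(new_key)        # resend first, warn afterwards
            self.warnings.append("key changed (messages already resent)")

    def verify_and_resend(self, key_confirmed_out_of_band):
        # Release held messages only if the user confirmed the announced key.
        if not self.pending_key or key_confirmed_out_of_band != self.pending_key:
            return False
        self._resend(self.pending_key)
        self.pending_key = ""
        return True

def readable_with(sender, key):
    # Plaintexts that a holder of `key` could decrypt from the wire.
    return [text for k, text in sender.wire if k == key]

def scenario(block):
    # Constructed sample: two undelivered messages, then a key change.
    s = Sender(block_on_key_change=block, trusted_key="K_old")
    s.send("msg1"); s.send("msg2")
    s.on_key_change("K_new")
    return s

if __name__ == "__main__":
    for block in (False, True):
        s = scenario(block)
        print(block, readable_with(s, "K_new"), s.warnings)
```

In the non-blocking run both messages are already on the wire under `K_new` when the warning appears; in the blocking run nothing is sent under `K_new` until `verify_and_resend` is called with the matching key.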