Lahore (Online): WhatsApp messages, which the company had claimed are so secure that even its own staff could not intercept them, are not actually secure, the Guardian newspaper reported today.
There is an ambiguity in WhatsApp that could allow Facebook and others to intercept and read your WhatsApp messages, the paper revealed.
According to new research, the paper said, Facebook or others could read WhatsApp messages because of the way WhatsApp has implemented its end-to-end encryption.
The paper claims that these new findings represent a “huge threat to freedom of speech” and that this vulnerability could be used by government agencies as a backdoor to keep an eye on users who believe their WhatsApp messages to be secure.
As a top selling point, WhatsApp has always boasted of its security, and it has been used by the majority of activists, diplomats and other privacy-conscious users, who considered it a safe and secure platform.
WhatsApp’s end-to-end encryption relies on unique security keys that are generated in real time. These security keys are generated using the well-known Signal protocol, developed by Open Whisper Systems.
In transit, WhatsApp messages are encrypted with these security keys to make sure that the communication is not intercepted while it is travelling over the network.
However, according to this new research, WhatsApp can force the generation of new encryption keys for offline users.
This change in encryption keys makes the sender re-encrypt messages with the new keys and send again any messages that were not marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted in to encryption warnings in settings, and only after the messages have been re-sent.
This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.
This essentially means that WhatsApp has control over the encryption keys and, if it is forced to by a government or by in-house policies, it could read user messages or, even worse, let anyone read them.
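The resend behaviour described above, modelled as a toy sender client and contrasted with a hypothetical blocking policy that holds undelivered messages until the user accepts the new key. This is an added example, not WhatsApp's or the Signal protocol's code; `SenderClient`, `block_on_key_change` and the `KEY-A`/`KEY-B` labels are assumptions, and no real encryption is performed.

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    """Toy model of a sender's client; key names are constructed labels, no real crypto."""
    trusted_key: str                    # recipient key the sender currently encrypts to
    block_on_key_change: bool           # hypothetical policy switch (assumption)
    warnings_enabled: bool = False      # the opt-in encryption-warning setting
    undelivered: list = field(default_factory=list)  # sent but not marked as delivered
    held: list = field(default_factory=list)         # waiting for the user's decision
    wire: list = field(default_factory=list)         # (key encrypted to, message)
    notices: list = field(default_factory=list)      # what the sender is shown

    def send(self, msg):
        self.wire.append((self.trusted_key, msg))
        self.undelivered.append(msg)    # recipient is offline, so no delivery receipt

    def on_key_change(self, new_key):
        """The server announces a new key for the offline recipient."""
        if self.block_on_key_change:
            # Blocking: warn first and keep the messages local until the user decides.
            self.held, self.undelivered = self.undelivered, []
            self.notices.append(f"key changed to {new_key}; {len(self.held)} message(s) held")
            return
        # Non-blocking (the behaviour the article describes): re-encrypt and resend first.
        self.trusted_key = new_key
        for msg in self.undelivered:
            self.wire.append((new_key, msg))
        self.undelivered = []
        if self.warnings_enabled:       # only opted-in senders are told, after the resend
            self.notices.append(f"key changed to {new_key}; messages already resent")

    def user_accepts(self, new_key):
        """The user has checked the new key with the recipient; release held messages."""
        self.trusted_key = new_key
        for msg in self.held:
            self.wire.append((new_key, msg))
        self.held = []

def run(block, warnings):
    """One constructed scenario: a message is sent, then the recipient's key changes."""
    c = SenderClient("KEY-A", block_on_key_change=block, warnings_enabled=warnings)
    c.send("meet at 9")
    c.on_key_change("KEY-B")
    return c

if __name__ == "__main__":
    for block, warn in [(False, False), (False, True), (True, False)]:
        c = run(block, warn)
        print(f"block={block} warn={warn} wire={c.wire} notices={c.notices} held={c.held}")
```

In the non-blocking runs the message reaches the wire under `KEY-B` before any notice exists; in the blocking run it stays in `held` until `user_accepts` is called.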
In response to the report, WhatsApp said it does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.