The reported “back door” which can give access to others to intercept WhatsApp messages is not a vulnerability but a security feature of encryption from WhatsApp.
The Guardian’s report on the backdoor which can allow Facebook and others to intercept and read encrypted messages spooked everyone yesterday. The issue was the inability of users to understand why encryption key changes itself whenever someone switches phone, changes one’s phone number or re-installs the app.
The Guardian reported this change of encryption key to be a security loophole which can give others and government access to users’ messages and information.
WhatsApp responded that it is not a security loophole and it’s very disappointing how Guardian misled users. This is actually how the cryptography works. The statement reads,
“WhatsApp’s encryption uses Signal Protocol, as detailed in the technical whitepaper. In systems that deploy Signal Protocol, each client is cryptographically identified by a key pair composed of a public key and a private key. The public key is advertised publicly, through the server, while the private key remains private on the user’s device.
This identity key pair is bound into the encrypted channel that’s established between two parties when they exchange messages, and is exposed through the “safety number” (aka “security code” in WhatsApp) that participants can check to verify the privacy of their communication.
Most end-to-end encrypted communication systems have something that resembles this type of verification, because otherwise an attacker who compromised the server could lie about a user’s public key, and instead advertise a key which the attacker knows the corresponding private key for. This is called a “man in the middle” attack, or MITM, and is endemic to public key cryptography, not just WhatsApp.
WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.”
WhatsApp users should turn on security notifications by accessing Settings > Account > Security to avoid any security risk.
Capable of conversing in both Chinese and English, Tencent’s large language model ‘Hunyuan’ is claimed…
Working on multiple AI models, Apple has allocated several teams who are working on artificial…
The world's largest offshore wind turbine has achieved a milestone by setting a new record…
YouTube is stepping into the world of gaming. YouTube has started testing out its gaming…
In a remarkable academic achievement, Abdullah Zaman, a Pakistani student hailing from Attock, has clinched…
Flying Bum, the world's largest aircraft is ready to launch in 2026. The Airlander 10…
Leave a Comment