Facebook's WhatsApp took a step further to protect its users' privacy by encrypting all messages and calls made using its app. However, reports suggest that WhatsApp may not be as secure as everybody perceived it to be.
The Guardian said that there is a serious flaw in WhatsApp that allows Facebook to intercept any message or call, without the users knowing it. The only prompt for a security breach is available if WhatsApp users previously allowed their phones to receive notifications.
According to University of California cryptography and security researcher Tobias Boelter, WhatsApp can be exploited by changing the security key and resending the message. This workaround can virtually make WhatsApp accessible, including those privileged calls and messages.
Boelter explained that WhatsApp uses the random generation of security keys to ensure end-to-end encryption. However, offline users can force WhatsApp to generate new encryption keys, thus making the messages vulnerable to middlemen. These WhatsApp messages can be sent again, especially those that have not been marked as delivered.
Make no mistake about it, there is no evidence to suggest that WhatsApp has intentionally used the exploit to intercept messages. Even Facebook was informed about this flaw but replied that this app behavior is "acceptable." Meaning, there is no stopping WhatsApp from resending undelivered messages even without the authorization of users. The WhatsApp website also clears that there is no remedy yet to turn off this end-to-end encryption.
Meanwhile, WhatsApp stressed that it is not giving any backdoor access to governments or any entities for those private messages and calls. The current system has saved millions of undelivered messages from being lost since they will be sent automatically anyway, WhatsApp added.
Here is a word of advice for WhatsApp users, though; head to your account security settings and turn on that "show security notifications" toggle. After all, it doesn't hurt to know if someone messed with your messages even if WhatsApp has no indication of being compromised.
© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.