Last year WhatsApp enabled end-to-end encryption on its chat platform, making messages unreadable to anyone who might intercept the data in transit between your device and the person on the receiving end. Today, however, British news service The Guardian has published a damning report revealing that the chat service has a security backdoor that makes it possible for Facebook (which owns WhatsApp), and perhaps others, to read the ‘encrypted’ messages sent through the service.
This contradicts WhatsApp’s own position, in which the company claims that no one, including the service’s employees, can read messages sent through it. The interception is made possible when WhatsApp forces the generation of new encryption keys for users who are offline, without the knowledge of either the sender or the receiver of the message. The service then has the sender re-encrypt the messages that could not be delivered earlier and tries to resend them. During this process WhatsApp has the ability to intercept and read the contents of the messages without the knowledge of the users involved. While the sender can manually enable an option that notifies him or her when this happens, there is no way for the recipient to know when WhatsApp re-encrypts a message.
This security flaw, or perhaps deliberately added backdoor, in how WhatsApp handles encryption on its platform means WhatsApp can give government agencies access to users’ messages by way of the change in keys. Interestingly, the backdoor found in WhatsApp’s encryption is not part of Open Whisper Systems’ Signal protocol, which the service uses. Instead of automatically re-sending the message with a new key as WhatsApp does, the popular Signal app, which follows the same protocol, does not send the message to a user who is offline and shows the sender a ‘message delivery failed’ notice.
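The two client behaviours described above can be modelled side by side. This is an added illustration, not code from WhatsApp, Signal or the report; the class, policy names, key labels and notice strings are constructed, and ‘encryption’ is modelled only as a label recording which recipient key a message was sealed under.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Toy sending client (constructed for illustration). No real cryptography:
    a message just records the recipient key it was sealed under."""
    policy: str                          # "auto_resend" or "fail_closed" (hypothetical names)
    notify_on_key_change: bool = False   # the opt-in sender notification
    trusted_key: str = ""
    pending: list = field(default_factory=list)  # sent, not yet delivered
    events: list = field(default_factory=list)   # notices shown to the sender

    def send(self, text):
        self.pending.append({"text": text, "sealed_for": self.trusted_key})

    def on_recipient_key_change(self, new_key):
        """The server announces a new key for a recipient who is offline."""
        outcome = []
        if self.policy == "auto_resend":
            # WhatsApp-like: accept the new key and re-seal undelivered
            # messages under it without asking the sender first.
            self.trusted_key = new_key
            for msg in self.pending:
                msg["sealed_for"] = new_key
                outcome.append((msg["text"], "resent", new_key))
            if self.notify_on_key_change:
                self.events.append("recipient key changed")
        else:
            # Signal-like, as described above: nothing is re-sealed or
            # resent; the sender is told that delivery failed.
            for msg in self.pending:
                outcome.append((msg["text"], "held", msg["sealed_for"]))
            self.events.append("message delivery failed")
        return outcome

def run(policy, notify=False):
    """Send one message, then simulate a key change announced by the server."""
    s = Sender(policy, notify, trusted_key="KEY_RECIPIENT_ORIGINAL")
    s.send("meet at 6")
    return s.on_recipient_key_change("KEY_ANNOUNCED_BY_SERVER"), s.events

if __name__ == "__main__":
    for policy, notify in [("auto_resend", False), ("auto_resend", True),
                           ("fail_closed", False)]:
        print(policy, notify, run(policy, notify))
```

In the `auto_resend` case with notifications off, the message ends up sealed for a key the sender never saw or approved, and nothing appears in `events`; whoever controls key announcements decides who can read it.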
This weakness in the WhatsApp messaging service, which is used by over a billion users worldwide, has raised major concerns among privacy campaigners, who believe this exploit in WhatsApp is a huge threat to freedom of speech.
According to Tobias Boelter, who was the first to discover the backdoor, Facebook was informed about it in April 2016; however, the company said it was aware of the issue and that it is the ‘expected behavior’. The company said it is not something that it is working on fixing.