How to protect yourself from the WhatsApp 'backdoor'
Earlier today we reported about a security problem in WhatsApp that means it is possible for messages to be intercepted and read by others. The so-called 'backdoor' takes advantage of the fact that WhatsApp's implementation of end-to-end encryption makes it possible to resend encrypted messages using different security keys, allowing for third parties to read them.
What is concerning many people is the fact that (by default, at least) WhatsApp does not alert users when a message is resent using a different key -- which would be a warning of something going on. Here's what you need to do to ensure you are told when the key changes.
Despite being built on the Signal protocol, WhatsApp works in a slightly different way to other communication tools that use the same protocol. It is possible to receive a notification whenever the security key used in a conversation changes so you can consider taking action -- such as moving to a more secure messaging tool.
- Fire up WhatsApp and open up Settings.
- Within Settings, head to Account, and then go to the Security section.
- Enable the option labeled Show security notifications.
As the app explains:
Turn on this setting to receive notifications when a contact's security code has changed. Your calls and the messages you send and your calls are encrypted regardless of this setting, when possible.
But if you are concerned about security, perhaps it is time to move on from WhatsApp to something with better credentials.
A WhatsApp spokesperson has issued a statement in response to the original Guardian story:
The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a 'backdoor' allowing governments to force WhatsApp to decrypt message streams. ** This claim is false.**WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report. (https://govtrequests.facebook