'Backdoor' in WhatsApp's end-to-end encryption leaves messages open to interception [Updated]
Facebook has long-claimed that its WhatsApp messaging service is completely secure and messages cannot be intercepted thanks to its use of end-to-end encryption. But researchers have unearthed what they call a serious security flaw that makes it possible to read encrypted messages.
Based on Open Whisper Systems' Signal Protocol, the unique security keys used to implement end-to-end encryption should keep messages secure. But WhatsApp can force offline users to generate new keys and this could allow Facebook -- and third parties -- to read messages.
The problem is seen by some a serious one, as WhatsApp's supposed security has earned it a good deal of respect, and it is a communication tool that those who wish to remain anonymous have come to rely upon. Tobias Boelter, a security researcher at the University of California, discovered the problem. He says: "If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys".
As the Guardian explains:
WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been resent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.
The problem does not lie with the Signal protocol itself -- the issue is entirely related to how WhatsApp has implemented it. Despite the fact that Boelter reported the problem to Facebook last April, the 'backdoor' is still present. The company says that it is not actively working on it, and goes on to say that it is "expected behavior".
Privacy experts are concerned that WhatsApp is actually far less secure than users have been led to believe. Boelter says that people "might say that this vulnerability could only be abused to snoop on 'single' targeted messages, not entire conversations. This is not true if you consider that the WhatsApp server can just forward messages without sending the 'message was received by recipient' notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message".
Speaking to the Guardian, a WhatsApp spokesperson remains adamant that security is high:
Over 1 billion people use WhatsApp today because it is simple, fast, reliable and secure. At WhatsApp, we've always believed that people's conversations should be secure and private. Last year, we gave all our users a better level of security by making every message, photo, video, file and call end-to-end encrypted by default. As we introduce features like end-to-end encryption, we focus on keeping the product simple and take into consideration how it's used every day around the world.
In WhatsApp's implementation of the Signal protocol, we have a "Show Security Notifications" setting (option under Settings > Account > Security) that notifies you when a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.
Not everyone agrees that this should be classed as a 'backdoor'. Clearly WhatsApp believes that this is precisely how things should be, and Alec Muffett, a security researcher who has worked on Facebook’s engineering security infrastructure team, dismisses the notion as FUD, saying to Gizmodo:
I characterize the threat posed by such reportage as being fear and uncertainty and doubt on an 'anti-vaccination' scale. It is not a bug, it is working as designed and someone is saying it’s a ‘flaw’ and pretending it is earth shattering when in fact it is ignorable.
Gizmodo itself also dismisses the security issue:
Basically, what the Guardian is reporting as a 'backdoor' is actually an already well-known way to exploit encrypted messaging systems that is extremely difficult to pull off.
How you proceed is entirely up to you. You might be interested in reading the article How to protect yourself from the WhatsApp 'backdoor' if you are concerned.
A WhatsApp spokesperson has issued a statement in response to the original Guardian story:
The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a 'backdoor' allowing governments to force WhatsApp to decrypt message streams. ** This claim is false.**
WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.