Facebook has long-claimed that its WhatsApp messaging service is completely secure and messages cannot be intercepted thanks to its use of end-to-end encryption. But researchers have unearthed a serious security flaw that makes it possible to read encrypted messages.
Based on Open Whisper Systems’ Signal Protocol, the unique security keys used to implement end-to-end encryption should keep messages secure. But WhatsApp can force offline users to generate new keys and this could allow Facebook — and third parties — to read messages.
The problem is a serious one, as WhatsApp’s supposed security has earned it a good deal of respect, and it is a communication tool that those who wish to remain anonymous have come to rely upon. Tobias Boelter, a security researcher at the University of California, discovered the security problem. He says: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys”.
As the Guardian explains:
WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been resent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.
The problem does not lie with the Signal protocol itself — the issue is entirely related to how WhatsApp has implemented it. Despite the fact that Boelter reported the problem to Facebook last April, the backdoor is still present. The company says that it is not actively working on it, and goes on to say that it is “expected behavior”.
Privacy experts are concerned that WhatsApp is actually far less secure than users have been led to believe. Boelter says that people “might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations. This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message”.
Speaking to the Guardian, a WhatsApp spokesperson remains adamant that security is high:
Over 1 billion people use WhatsApp today because it is simple, fast, reliable and secure. At WhatsApp, we’ve always believed that people’s conversations should be secure and private. Last year, we gave all our users a better level of security by making every message, photo, video, file and call end-to-end encrypted by default. As we introduce features like end-to-end encryption, we focus on keeping the product simple and take into consideration how it’s used every day around the world.
In WhatsApp’s implementation of the Signal protocol, we have a “Show Security Notifications” setting (option under Settings > Account > Security) that notifies you when a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.