WhatsApp vulnerability: Encryption backdoor or convenience feature?

File photo: A WhatsApp app logo is shown on a mobile phone in Sao Paulo, Brazil, Dec. 16, 2015. (REUTERS/Nacho Doce/File Photo)

The government, as it turns out, can hack WhatsApp to intercept texts as well, a new report revealed a few days ago. That is the case even though Facebook's most popular chat app is end-to-end encrypted. Some people call this feature an encryption backdoor, while Facebook and WhatsApp have pushed back against such claims, saying that the vulnerability is actually a convenience feature for users.

Tobias Boelter, the person who came up with the WhatsApp hack, wrote an extensive piece in The Guardian in which he explains why the vulnerability affects users, especially people who would be presumed targets of government surveillance.

The security problem (or feature) makes use of a few WhatsApp features.

First, when a message is sent, but not delivered to the recipient (you see a single tick on your sent message), WhatsApp servers will hold on to the message until it can be delivered, regardless of what happens with the host account.

Second, if a person — we'll call him Jay — loses a smartphone, buys a new one or changes SIMs, but wants to keep the same WhatsApp account, the application notifies all of Jay's contacts that their friend has changed devices, and an in-person security check may be requested to verify his identity.

Now, here is where the backdoor/feature steps in. The messages sent by all of Jay's friends via WhatsApp will still arrive, at which point his friends see two ticks under their sent messages, highlighting the fact that the messages have gone through.

Boelter explains that all the government has to do to spy on a specific friend of Jay's — we'll call him Silent Bob — is to pose as Jay's phone, with the help of advanced equipment or by gaining access to WhatsApp's servers. The government would then prevent the server from sending Silent Bob the confirmation ticks for messages that are sent to Jay.

Jay, meanwhile, will not receive these messages, as they are sent to the government's devices. But Jay would soon realize that something is wrong with the WhatsApp app.

The crux is that Silent Bob will continue to send messages to his friend, thinking that Jay has not seen the messages. The government would then collect that data.

The security researcher argues that Facebook and WhatsApp should hold back all messages sent to an account that is activated on a new device, and prompt the senders to send them again if they want to, even if that is a hassle for the user who sent the messages. In this case, Silent Bob's messages that are in transit would need confirmation before being sent to Jay.
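The two behaviors described above, automatic resend after a key change versus holding messages until the sender confirms, can be compared in a small model. This is an added example, not WhatsApp's code or anything from the original article; the class, the function names and the key labels are hypothetical, and no real cryptography is performed.

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    """Toy model of Silent Bob's client. Keys are opaque labels; no real crypto."""
    blocking: bool                               # True: hold messages until Bob confirms a new key
    trusted: dict = field(default_factory=dict)  # contact -> identity key the client accepts
    pending: dict = field(default_factory=dict)  # contact -> texts still showing a single tick
    held: dict = field(default_factory=dict)     # contact -> (new_key, texts) awaiting confirmation
    wire: list = field(default_factory=list)     # (contact, key_used, text) handed to the server

    def send(self, contact, text):
        self.wire.append((contact, self.trusted[contact], text))
        self.pending.setdefault(contact, []).append(text)

    def delivered(self, contact):
        self.pending.pop(contact, None)          # two ticks: nothing left to retransmit

    def key_changed(self, contact, new_key):
        """Server reports that the contact registered a new device key."""
        undelivered = self.pending.pop(contact, [])
        if self.blocking:
            self.held[contact] = (new_key, undelivered)
            return f"{contact}: key changed, {len(undelivered)} message(s) held"
        self.trusted[contact] = new_key          # accepted without asking the sender
        for text in undelivered:
            self.send(contact, text)             # re-encrypted to the new key automatically
        return f"{contact}: key changed (notice shown after resend)"

    def confirm(self, contact):
        """Bob verified the new key with Jay in person and approves the resend."""
        new_key, texts = self.held.pop(contact)
        self.trusted[contact] = new_key
        for text in texts:
            self.send(contact, text)

def exposed_to(client, key):
    """Texts that left the client encrypted to `key`."""
    return [text for _, used, text in client.wire if used == key]

def scenario(blocking):
    """Constructed run: one message stays at a single tick, then the key changes."""
    bob = SenderClient(blocking=blocking, trusted={"jay": "jay-key-1"})
    bob.send("jay", "meet at 6")                 # delivery confirmation never arrives
    bob.key_changed("jay", "unverified-key-2")   # a device Bob has not verified claims Jay's account
    return bob
```

Only messages still at a single tick are affected in either mode, which is why the withheld delivery confirmation matters in the scenario the article describes.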

In practice, the government would not be able to snoop on messages, see chat history, and access other data in real time. And it would have to be incredibly lucky to score insightful information this way.

Still, Boelter revealed that WhatsApp's end-to-end encryption can be fooled. A video showing the hack follows below, while Boelter's detailed explanation is available here.
