WhatsApp Is Not So Secure as You Might Think

Security experts have discovered that the popular WhatsApp messaging service has not handled conversations in the most secure manner.

WhatsApp Identified As Insecure

Security experts and specialist media report that WhatsApp’s security implementation does not fully protect the communications it carries. A backdoor has been discovered in the application that leaves private chats vulnerable to spying by third parties such as Facebook, law enforcement and intelligence authorities.

The service uses the secure Signal protocol to generate unique keys for end-to-end encrypted messages. However, it was found that WhatsApp also has additional features that allow for the forced generation of new encryption keys, which are used for offline users. When such an update is forced, all undelivered messages are automatically re-encrypted and sent using the new keys without the consent or knowledge of the sender. This allows the communication to be retrieved and read without any problems.

This is a potential avenue for hacker attacks against users of the messaging service. The issue has been categorized as a flaw that revolves around the inability of users to block messages from being sent when such changes are detected and processed by WhatsApp. The vulnerability was reported to Facebook in April 2016; however, the problem was deemed a bug. Since then Facebook has commented on the issue by posting the following statement:

Over one billion people use WhatsApp today because it is simple, fast, reliable and secure. At WhatsApp, we’ve always believed that people’s conversations should be secure and private. Last year, we gave all our users a better level of security by making every message, photo, video, file and call end-to-end encrypted by default.

In WhatsApp’s implementation of the Signal protocol, we have a “Show Security Notifications” setting (option under Settings > Account > Security) that notifies you when a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and SIM cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.

It is true that the bug is not new, having been known since last year. However, the problem is still ongoing and WhatsApp has not updated the service or the application to mitigate the flaw.
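The difference between re-sending automatically on a key change and holding messages until the sender approves can be shown with a small model. This is an added example, not WhatsApp or Signal code: the class, method names and key labels are hypothetical, and an "envelope" is just a (key, plaintext) pair standing in for real encryption.

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    """Toy model of a sending client's key-change policy (hypothetical)."""
    block_on_key_change: bool   # False models the behaviour the article describes
    trusted_key: dict = field(default_factory=dict)  # contact -> key last seen
    undelivered: dict = field(default_factory=dict)  # contact -> queued plaintexts
    notices: list = field(default_factory=list)      # what the user is told

    def queue(self, contact, key, text):
        """A message sent while the contact is offline stays queued."""
        self.trusted_key.setdefault(contact, key)
        self.undelivered.setdefault(contact, []).append(text)

    def _release(self, contact, new_key):
        # Re-encrypt every queued message under the new key and send it.
        self.trusted_key[contact] = new_key
        queued, self.undelivered[contact] = self.undelivered.get(contact, []), []
        return [(new_key, text) for text in queued]

    def on_key_change(self, contact, new_key):
        """The server announces a new key. Returns what leaves the device."""
        if new_key == self.trusted_key.get(contact):
            return []
        if self.block_on_key_change:
            held = len(self.undelivered.get(contact, []))
            self.notices.append(f"{contact}: key changed, {held} message(s) held")
            return []                      # nothing is sent without approval
        sent = self._release(contact, new_key)
        # Assumption of this model: the notice is recorded after the resend.
        self.notices.append(f"{contact}: security code changed")
        return sent

    def approve(self, contact, new_key):
        """The sender verified the new key out of band; release held messages."""
        return self._release(contact, new_key)

def demo(block):
    client = SenderClient(block_on_key_change=block)
    client.queue("bob", "KEY-A", "meet at 6")            # constructed sample data
    client.queue("bob", "KEY-A", "bring the documents")
    return client, client.on_key_change("bob", "KEY-B")

if __name__ == "__main__":
    for policy in (False, True):
        client, sent = demo(policy)
        print("blocking" if policy else "non-blocking", sent, client.notices)
```

With the non-blocking policy both queued messages go out under the new key before the sender can react; with the blocking policy they stay on the device until `approve` is called.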

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.