WhatsApp Vulnerability Allows Snooping On Encrypted Messages

Megalith

No one can intercept WhatsApp messages, not even the company and its staff—except when it turns out you actually can. A cryptography and security researcher has found that the program may generate new encryption keys for unsent messages. During this process, the message is no longer safe from prying eyes.

…WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered. The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.
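The key-change handling described in the quote above, as an added sketch that is not part of the original post, the quoted article, or WhatsApp's code. Strings stand in for keys (no real cryptography), and the `blocking` policy plus all class and function names are assumptions introduced here for comparison.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Toy sender-side client; models policy only, not the actual protocol."""
    trusted_key: str               # recipient identity key the sender currently trusts
    blocking: bool = False         # assumed hardened policy: hold mail on key change
    show_warnings: bool = False    # the opt-in encryption-warnings setting from the quote
    pending: list = field(default_factory=list)  # sent but not marked delivered
    wire: list = field(default_factory=list)     # (key, plaintext) handed to the server
    notices: list = field(default_factory=list)  # what the user actually sees

    def send(self, text):
        self.wire.append((self.trusted_key, text))
        self.pending.append(text)

    def delivered(self, text):
        self.pending.remove(text)

    def on_key_change(self, new_key):
        """The server reports a new identity key for the recipient."""
        if self.blocking:
            # Nothing leaves the device until the user verifies the new key.
            self.notices.append(f"key changed to {new_key}: verify before resend")
            return
        self._resend(new_key)
        if self.show_warnings:
            # The warning appears only after the messages were already resent.
            self.notices.append(f"key changed to {new_key}")

    def confirm(self, new_key):
        """User verified the new key out of band (blocking policy only)."""
        self._resend(new_key)

    def _resend(self, new_key):
        self.trusted_key = new_key
        for text in self.pending:
            self.wire.append((new_key, text))

def exposed_to(sender, key):
    """Plaintexts that were encrypted to `key` at any point."""
    return [text for k, text in sender.wire if k == key]

def run(blocking, show_warnings):
    s = Sender("K_bob", blocking=blocking, show_warnings=show_warnings)
    s.send("hello"); s.delivered("hello")
    s.send("meet at 6")        # constructed: recipient offline, never marked delivered
    s.on_key_change("K_new")   # constructed: a key the sender never verified
    return exposed_to(s, "K_new"), s.notices
```
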
 
A default off for notifications when your key is changed, I sure hope that wasn't intentional (or maybe I should).
 
There are more than likely several backdoors in all these types of apps.

If I was a dev I would purposely build in several clever hidden backdoors to provide to high paying customers / countries. Why wouldn't I? In fact we should all assume that the US Government works very closely with devs of these types of apps to provide backdoors in the first place, of course in the name of national security, organized crime, etc.

Rule of thumb - Anytime an app comes out that says it's 'secure' then it should be assumed it's completely and totally not secure for the above stated reasons.
 
Now that it's owned by Fecesbook, I wouldn't be surprised if there are many "vulnerabilities" built in! At no extra cost!

It's a real shame, because even though I was late to the boat on using this app (end of 2013 I first used it), it was a really well done, no bulls*** application that is rare these days. No bloat. NO crap. Just well done features and functionality. Still looks like it now, but my trust level is way down given the buyout to Fecesbook as mentioned.
 
WhatsApp uses Open Whisper Systems software and they have come out to defend WhatsApp, saying that there is no "backdoor". I haven't seen anyone refute the claims made in Open Whisper Systems' defense of them, yet.
 