Reported “backdoor” in WhatsApp is in fact a feature, defenders say

WhatsApp logoThe Guardian roiled security professionals everywhere on Friday when it published an article claiming a backdoor in Facebook's WhatsApp messaging service allows attackers to intercept and read encrypted messages. It's not a backdoor—at least as that term is defined by most security experts. Most would probably agree it's not even a vulnerability. Rather, it's a limitation in what cryptography can do in an app that caters to more than 1 billion users.

At issue is the way WhatsApp behaves when an end user's encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change. By enabling a security setting, users can configure WhatsApp to notify the sender that a recently transmitted message used a new key.

Critics of Friday's Guardian post, and most encryption practitioners, argue such behavior is common in encryption apps and often a necessary requirement. Among other things, it lets existing WhatsApp users who buy a new phone continue an ongoing conversation thread.

Tobias Boelter, a Ph.D. candidate researching cryptography and security at the University of California at Berkeley, told the Guardian that the failure to obtain a sender's explicit permission before using the new key challenged the often-repeated claim that not even WhatsApp or its owner Facebook can read encrypted messages sent through the service. He first reported the weakness to WhatsApp last April. In an interview on Friday, he stood by the backdoor characterization.

"At the time I discovered it, I thought it was not a big deal... and they will fix it," he told Ars. "The fact that they still haven't fixed it yet makes me wonder why."

Source: Ars Technica

Tags: security, WhatsApp

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

The 41 million Galaxy S8/S8+ units that the company reported it has shipped in 2017
A new survey from Loup Ventures finds Apple iPhone users are falling into a predictable upgrade cycle
The company might do away with the Android Wear moniker in favor of “Wear OS”
But still no third-party Lightning to USB-C cables
Jolla confirmed Sailfish OS will now be supported by another Sony smartphone
A complete line of accessories will be available of $1,899.99
The Snapdragon 700 Series will allow you to capture content during the day and night
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (6)