System Backdoor in WhatsApp’s End-to-End Encryption.

According to a researcher who discovered a security loophole in WhatsApp, our WhatsApp messages can be easily read by Facebook and government agencies.

Tobias Boelter, a security researcher at the University of California, discovered that there is a system backdoor in WhatsApp's end-to-end encryption. Yup, that's right, anyone can monitor your WhatsApp messages remotely.

What Do We Know About WhatsApp’s End-to-End Encryption?

Let's throw some light on end-to-end encryption. It basically means scrambling messages from the moment they leave the sender until they reach the recipient, making sure they cannot be read by any third party.

For its end-to-end encryption, WhatsApp has decided to run a system in which even the company itself won't be able to intercept or read the messages sent via this instant messenger app. Once a message is sent, it can only be unlocked by the intended recipient. The end-to-end encryption relies on generating unique security keys using the acclaimed Signal Protocol, which was developed by Open Whisper Systems.
The message is sent as a coded series of digits, and unlocking it needs a key that is held only by the sender and the recipient. These keys disappear after the message is unscrambled, meaning the message cannot be unlocked afterwards. A WhatsApp user can verify that nobody monitors WhatsApp messages remotely by scanning a code on the phone of another user.

The Backdoor in Encryption Explained.

But the research has found a backdoor in this encryption. WhatsApp can actually intercept messages sent to phones which are not connected to the internet, and it can also forward these messages to a separate device without letting the sender and receiver know. So, the messages can be sent to the intended device and the users who don't have their security notifications activated will be completely unaware of it. That leaves room for a third person to monitor WhatsApp messages remotely.

If any government agency asks WhatsApp to disclose its messaging records, it can readily grant access to them. That's not all: this vulnerability can also be used for retrieving entire message transcripts. Some experts say that this vulnerability can be abused for snooping on a single target's messages, not the entire conversation log. However, this isn't true. WhatsApp servers can forward messages without sending any double tick notifications, and the sender or receiver might not even notice it. By using the retransmission vulnerability, the WhatsApp server can later on get a transcript of the entire conversation, let alone a single message.

Chief of Cyber Security, Kevin Bocek, has labeled this vulnerability alarming at a time when government agencies are looking for ways to monitor WhatsApp messages remotely by bypassing encryption. If this happens, then WhatsApp is actually violating the user's privacy. He argued that companies should put a system in place for protecting the cryptographic keys whenever needed.

What Does WhatsApp Have to Say About This Interception?

WhatsApp says it has implemented this backdoor for a purpose. As people frequently change their devices and SIM cards, the company wants to make sure their messages are delivered and not lost in transit. The company further said that it has not given the government any backdoor into its system and that it will fight any such requests. This design decision has been implemented to prevent millions of messages from being lost. However, WhatsApp has created a security notification for alerting people about the potential security risks.

How Can You Protect Your Messages?

The question of concern now is: how can you prevent someone from monitoring your WhatsApp messages remotely?
For this, you will have to change your WhatsApp settings so that you receive an alert whenever there is a change in the encryption. This means you will get a notification whenever one of your messages is redirected to a device with a different key.

Here is how to set up the encryption warning:
• Go to ‘Settings’
• Tap on ‘Account Security’
• Turn on ‘Show Security Notifications’
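
To make the effect of this setting concrete, here is a simplified model of how a sending client can react when the server announces a different key for a contact while a message is still undelivered. It is an added example, not WhatsApp's code: the policy names `silent`, `notify` and `block`, the `Sender` class and the key bytes are all assumptions made for illustration, and `block` is a hypothetical stricter design that holds messages until the user verifies the new key.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(public_key: bytes) -> str:
    # Short digest of a public key, standing in for the code two users compare.
    return hashlib.sha256(public_key).hexdigest()[:16]

@dataclass
class Sender:
    policy: str                                    # "silent", "notify" or "block" (assumed names)
    known_fp: dict = field(default_factory=dict)   # contact -> trusted key fingerprint
    pending: list = field(default_factory=list)    # (contact, text) not yet delivered
    alerts: list = field(default_factory=list)     # security notifications shown to the user
    sent: list = field(default_factory=list)       # (contact, fingerprint encrypted to, text)

    def queue(self, contact, text):
        self.pending.append((contact, text))

    def on_key_announced(self, contact, public_key):
        # The server reports the key currently registered for `contact`.
        fp = fingerprint(public_key)
        old = self.known_fp.get(contact)
        changed = old is not None and old != fp
        if changed and self.policy in ("notify", "block"):
            self.alerts.append(f"security code for {contact} changed: {old} -> {fp}")
        if changed and self.policy == "block":
            return                                 # hold messages until the user verifies
        self.known_fp[contact] = fp                # accept the new key automatically
        self._flush(contact)

    def confirm(self, contact, public_key):
        # The user verified the new key out of band, e.g. by scanning the code.
        self.known_fp[contact] = fingerprint(public_key)
        self._flush(contact)

    def _flush(self, contact):
        fp = self.known_fp[contact]
        self.sent += [(c, fp, t) for c, t in self.pending if c == contact]
        self.pending = [(c, t) for c, t in self.pending if c != contact]

def run(policy):
    # Constructed scenario: bob is offline, then a different key is announced for him.
    s = Sender(policy)
    s.on_key_announced("bob", b"constructed-key-bob-phone")      # first contact, trusted on first use
    s.queue("bob", "meet at 6")
    s.on_key_announced("bob", b"constructed-key-other-device")
    return s
```

With `silent` and `notify` the queued message is re-sent to the new key either way; the notification only tells you it happened, which is why the code check with your contact still matters after an alert.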

If you are still disturbed by the idea that there is a possibility for someone to read your messages without your consent, it is recommended to switch to another instant messenger app that offers more secure encryption.