WhatsApp backdoor allows snooping on encrypted messages

For those of you spilling your deepest, darkest secrets via WhatsApp, we have some bad news.

Like, y’know, the government.

Despite the fact security is lauded as one of WhatsApp’s selling points – it’s often favoured by people living in oppressive regimes and diplomats – privacy campaigners have called the backdoor a “huge threat to freedom of speech”.

However, WhatsApp has the ability to generate keys offline that re-encrypt and then re-send undelivered messages without notifying the user beforehand, or giving them the opportunity to prevent it.

The discovery has prompted experts to slam the service as an “extremely insecure platform”, while cryptographer and security researcher Tobias Boelter underlined exactly how this affects users’ privacy.

A WhatsApp spokesperson said of the findings: “In WhatsApp’s implementation of the Signal protocol, we have a ‘Show Security Notifications’ setting (option under Settings > Account > Security) that notifies you when a contact’s security code has changed.

“This is because in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.”
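The re-send behaviour described above can be modelled as a sender-side outbox policy. The sketch below is an added example, not WhatsApp's code: the `Outbox` class, the `fingerprint` format, and the `hold_until_verified` comparison policy are all assumptions made for illustration, and the keys are constructed sample values.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(public_key: bytes) -> str:
    # Stand-in for a contact's "security code" (constructed format).
    return hashlib.sha256(public_key).hexdigest()[:12]

@dataclass
class Outbox:
    policy: str  # "auto_resend" (as described above) or "hold_until_verified" (assumed alternative)
    trusted: dict = field(default_factory=dict)  # contact -> fingerprint
    pending: list = field(default_factory=list)  # undelivered (contact, text)
    events: list = field(default_factory=list)   # what the user gets to see

    def queue(self, contact, text):
        self.pending.append((contact, text))

    def on_key_announced(self, contact, key):
        """Server reports a key for contact; return messages released to it."""
        fp, old = fingerprint(key), self.trusted.get(contact)
        changed = old is not None and old != fp
        if changed and self.policy == "hold_until_verified":
            self.events.append(f"BLOCKED {contact}: code {old} -> {fp}")
            return []  # nothing leaves until the user calls verify()
        self.trusted[contact] = fp
        released = self._release(contact, fp)
        if changed:  # notice arrives only after the re-send has happened
            self.events.append(f"NOTICE {contact}: code {old} -> {fp}")
        return released

    def verify(self, contact, key):
        """User confirmed the new code out of band; accept it and release."""
        self.trusted[contact] = fingerprint(key)
        return self._release(contact, self.trusted[contact])

    def _release(self, contact, fp):
        out = [(t, fp) for c, t in self.pending if c == contact]
        self.pending = [(c, t) for c, t in self.pending if c != contact]
        return out

def demo(policy):
    box = Outbox(policy)
    box.on_key_announced("alice", b"constructed-key-1")  # first key seen
    box.queue("alice", "meet at 6")                      # stays undelivered
    released = box.on_key_announced("alice", b"constructed-key-2")
    return box, released

if __name__ == "__main__":
    for p in ("auto_resend", "hold_until_verified"):
        box, released = demo(p)
        print(p, released, box.events)
```

Under `auto_resend` the queued message is bound to the new key before any notice is recorded; under `hold_until_verified` it stays in the outbox until the user confirms the changed code.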
