According to a security researcher, there is a major security flaw in WhatsApp that allows messages to be read by Facebook and government agencies.
Tobias Boelter, a security researcher at the University of California, Berkeley, discovered that WhatsApp's method of end-to-end encryption contained a security flaw. The encryption was added last year to stop others reading a user's messages.
As such, messages can be intercepted ‘en route’ and sent to another device as well as the intended device without the knowledge of the sender, provided that the phones aren’t connected to the internet and that the sender has not switched on security notifications.
Boelter told the Guardian newspaper, “If WhatsApp was asked by a government agency to disclose its messaging records it can effectively grant access due to the change in keys.”
The vulnerability is unique to WhatsApp. Entire message transcripts can be retrieved due to the same flaw. Boelter said this is worrying for journalists and activists as well as people who live under repression.
He continued, “[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations. This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”
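The behaviour described above can be modelled as a client policy question. The following is an added toy model, not WhatsApp or Signal code: a sender client holds one trusted identity-key fingerprint per contact and a queue of messages that never received a delivery receipt; when the server announces a new key, the client either silently re-encrypts the pending queue for it (the behaviour the article describes) or holds the queue until the user verifies the new fingerprint. Key bytes, contact names and message texts are constructed, and "ciphertext" is only a tag recording which key a message was encrypted for.

```python
import hashlib

def fingerprint(pubkey: bytes) -> str:
    """Short identity-key fingerprint, the value users compare out of band."""
    return hashlib.sha256(pubkey).hexdigest()[:16]

class SenderClient:
    def __init__(self, retransmit_on_key_change: bool, security_notifications: bool):
        self.retransmit_on_key_change = retransmit_on_key_change
        self.security_notifications = security_notifications
        self.trusted_fp = {}   # recipient -> fingerprint this client trusts
        self.unacked = {}      # recipient -> texts with no delivery receipt yet
        self.warnings = []     # what the user is actually shown

    def send(self, recipient: str, pubkey: bytes, text: str) -> dict:
        fp = fingerprint(pubkey)
        self.trusted_fp.setdefault(recipient, fp)          # trust on first use
        self.unacked.setdefault(recipient, []).append(text)
        return {"to": recipient, "key_fp": fp, "body": text}

    def ack(self, recipient: str, text: str) -> None:
        """Delivery receipt (the 'double tick'): message is no longer pending."""
        self.unacked[recipient].remove(text)

    def server_announces_new_key(self, recipient: str, new_pubkey: bytes) -> list:
        """Return what the client now puts on the wire for this recipient."""
        new_fp = fingerprint(new_pubkey)
        if new_fp == self.trusted_fp.get(recipient):
            return []
        if self.security_notifications:
            self.warnings.append(f"{recipient}: security code changed to {new_fp}")
        if not self.retransmit_on_key_change:
            # Hardened policy: pending messages stay encrypted for the old key
            # (undeliverable) until the user verifies the new fingerprint.
            return []
        # Described behaviour: re-encrypt everything still pending for the
        # new key, so whoever holds that key can read the backlog.
        self.trusted_fp[recipient] = new_fp
        return [{"to": recipient, "key_fp": new_fp, "body": t}
                for t in self.unacked.get(recipient, [])]

def simulate(retransmit: bool, notifications: bool) -> tuple:
    """Constructed scenario: three messages, one receipt, then a key change.
    Returns (messages re-sent under the new key, warnings shown to the user)."""
    client = SenderClient(retransmit, notifications)
    original_key, replacement_key = b"alice-identity-key", b"server-chosen-key"
    for t in ("hi", "meet at 9", "bring the documents"):
        client.send("alice", original_key, t)
    client.ack("alice", "hi")   # receipts for the other two are withheld
    resent = client.server_announces_new_key("alice", replacement_key)
    return len(resent), len(client.warnings)
```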
Boelter said Facebook have done nothing to fix the flaw, even though he told them about it last year.
Kevin Bocek, chief cyber security strategist at Venafi said, “The potential for government abuses from this misuse of encryption with WhatsApp is alarming. This is a serious vulnerability.
“This is critical at a time when governments worldwide are attempting to break down and intrude on the use of encryption to protect privacy, a basic right for people worldwide.”
Privacy is becoming a bigger issue every day for many users of digital devices.