Backdoor in WhatsApp

The WhatsApp app claims to be one of the most secure messaging, and claims to be capable of such strong encryption that even its founders themselves cannot access the content.

However, there appears to be a backdoor that allows WhatsApp messages to be disclosed.

Tobias Boelter, a cryptographer and researcher at the University of California, he reported on Guardian that "If WhatsApp is asked by a government agency to disclose its messages, it may grant access by keys.”Whatsapp

The cryptographer who discovered the backdoor on WhatsApp said that Facebook and others could potentially steal and read the "encrypted" messages of the application.

Facebook has meanwhile claimed that no one can intercept messages from WhatsApp, even the company's own staff. But the researcher seems to refute them.

WhatsApp uses end-to-end encryption that is supposed to produce unique security keys using the Signal protocol created by Open Whisper Systems.

The application provides them with users encryption keys. The sender on the other hand can resend encrypted messages with new keys. So it can send messages that have not been delivered again.

The recipient has not been notified of the change in encryption, and the sender is only informed if he has chosen to receive encryption alerts and only after the messages have been resent. Specifically, this method of "re-encryption" gives access to WhatsApp to read the messages of each user.

Professor Kirstie Ball, one of the founders of the Center for Research into Information, Surveillance and Privacy, said that this backdoor is a "huge threat" to freedom of speech and " gold mine for security services ”, while some Twitter users warn people to stop using WhatsApp.

The application can resend messages that have not been delivered with a new security key, so the company's staff can access them. It seems that the backdoor is not connected to the Signal protocol since the Open Whisper Systems Signal messaging application has no security problem.

Facebook has reportedly been notified of the since April 2016. The company had told the cryptographer at the time that it was a known issue, calling it “expected behavior”.

Update: Saturday 14 January 6.51: The publication was updated to add the official responses to the allegations Guardian from Facebook and WhatsApp.

https://iguru.gr/152819/whatsapp-backdoor-facebook-and-whatsapp-responded

 

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.086 registrants.

2016backdoor cutsFacebookhttpsI'm sureiguru.grinformationofflineopenprotocolresearchsignalsTwitterwhatsappwhisperbetter safetysecuritycompanyapplicationsapplicationencryptioninformationserviceservicesusers

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).