WhatsApp claims to be one of the most secure messaging applications and says its encryption is so strong that even its founders cannot access message content.
However, there appears to be a backdoor that allows WhatsApp messages to be disclosed.
Tobias Boelter, a cryptographer and security researcher at the University of California, told the Guardian: "If WhatsApp is asked by a government agency to disclose its messages, it may grant access by changing the keys."
The cryptographer who discovered the backdoor in WhatsApp said that Facebook and others could potentially steal and read the application's "encrypted" messages.
Facebook, meanwhile, has claimed that no one can intercept WhatsApp messages, not even the company's own staff. The researcher's findings appear to refute that claim.
WhatsApp uses end-to-end encryption that is supposed to produce unique security keys using the Signal protocol created by Open Whisper Systems.
The application can provide offline users with new encryption keys. The sender's client can then re-encrypt messages with the new keys and send them again, so messages that have not yet been delivered are retransmitted.
The recipient is not notified of the change in encryption, and the sender is informed only if they have chosen to receive encryption alerts, and only after the messages have been resent. It is this "re-encryption" and retransmission that gives WhatsApp access to read each user's messages.
Professor Kirstie Ball, one of the founding members of the Centre for Research into Information, Surveillance and Privacy, said that this backdoor is a "huge threat" to freedom of speech and a "gold mine for security services", while some Twitter users are warning people to stop using WhatsApp.
The app can resend undelivered messages under a new security key, and so company staff can access them. The backdoor also appears to be unrelated to the Signal protocol itself, since Open Whisper Systems' own Signal messaging app does not have any security issues.
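The retransmission behaviour described above, modelled as an added example (not WhatsApp's or Signal's code and not part of the original article): a toy sender that either resends undelivered messages automatically under a changed key, or holds them until the user has verified the new key. The `block_on_key_change` switch, the holding policy, the key names and the messages are all assumptions constructed for illustration, and no real cryptography is performed.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Toy sender: 'encryption' only records which key a message was sent under."""
    block_on_key_change: bool                      # hypothetical policy switch
    trusted_key: str                               # fingerprint the sender last accepted
    pending: list = field(default_factory=list)    # sent but not yet delivered
    wire: list = field(default_factory=list)       # (key, plaintext) handed to the server
    alerts: list = field(default_factory=list)     # what the sender's UI shows

    def send(self, text):
        self.pending.append(text)
        self.wire.append((self.trusted_key, text))

    def on_key_change(self, new_key, alerts_enabled=False):
        """The server announces a new key for the offline recipient."""
        if self.block_on_key_change:
            self.alerts.append(f"key changed to {new_key}: verify before resending")
            return []                              # nothing leaves the device yet
        resent = [(new_key, t) for t in self.pending]
        self.wire.extend(resent)                   # re-encrypted under the unverified key
        self.trusted_key = new_key
        if alerts_enabled:                         # alert appears only after the resend
            self.alerts.append(f"security code changed to {new_key}")
        return resent

    def verify_and_resend(self, new_key):
        """The user confirmed the new fingerprint out of band; now retransmit."""
        self.trusted_key = new_key
        resent = [(new_key, t) for t in self.pending]
        self.wire.extend(resent)
        return resent

def readable_with(key, wire):
    """Plaintexts that whoever holds `key` could decrypt from the traffic."""
    return [t for k, t in wire if k == key]

def demo(block):
    s = Sender(block_on_key_change=block, trusted_key="KEY-A")  # constructed values
    s.send("meet at 6")
    s.send("bring the documents")
    s.on_key_change("KEY-X", alerts_enabled=True)  # KEY-X was never verified by the sender
    return readable_with("KEY-X", s.wire), s.alerts
```

`demo(False)` shows both undelivered messages becoming readable under the unverified key before any alert is raised; `demo(True)` shows that nothing is exposed until `verify_and_resend` is called.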
Facebook has reportedly known about the issue since April 2016. At the time, the company told the cryptographer that it was a known issue and described it as "expected behavior".
Update, Saturday 14 January, 6.51: This article was updated to add the official responses from Facebook and WhatsApp to the Guardian's allegations.
https://iguru.gr/152819/whatsapp-backdoor-facebook-and-whatsapp-responded