WhatsApp claims to be one of the most secure messaging apps messages, and reports that it is capable of such strong encryption that even its founders themselves cannot access the content.
However, there appears to be a backdoor that allows WhatsApp messages to be disclosed.
Tobias Boelter, a cryptographer and security researcher at the University of California, told Guardian ότι "Αν ζητηθεί από την WhatsApp από κάποια κυβερνητική service to reveal her messages, may grant access to her change κλειδιών."
The cryptographer who discovered the WhatsApp backdoor said Facebook and others could potentially intercept and read the app's "encrypted" messages.
Facebook has meanwhile claimed that no one can intercept messages from WhatsApp, even the company's own staff. But the researcher seems to refute them.
WhatsApp uses end-to-end encryption that is supposed to produce unique security keys using the Signal protocol created by Open Whisper Systems.
The application provides offline users with encryption keys. The sender, on the other hand, can re-send encrypted messages with new keys. So it can send unsaved messages again.
Ο παραλήπτης δεν έχει ενημερωθεί για την αλλαγή στην κρυπτογράφηση, ενώ ο αποστολέας ενημερώνεται μόνο εφόσον έχει επιλέξει να λαμβάνει προειδοποιήσεις για την κρυπτογράφηση και μόνο μετά όταν τα μηνύματα έχουν σταλεί εκ νέου. Συγκεκριμένα αυτή η μέθοδος της "εκ νέου κρυπτογράφησης" δίνει πρόσβαση στο WhatsApp να διαβάζει τα μηνύματα του κάθε χρήστη.
Professor Kirstie Ball, one of the founding members of the Center for Research into Information, Surveillance and Privacy, said the backdoor was a "huge threat" to freedom of speech and " gold mine for security services," while some Twitter users are warning people to stop using WhatsApp.
The app can resend undelivered messages with a new security key so company staff can access them. It also appears that the backdoor is not connected to the Signal protocol, since Open Whisper Systems' Signal messaging application does not have any problem security.
Το Facebook φέρεται να έχει ενημερωθεί για το θέμα από τον Απρίλιο του 2016. Η εταιρεία είχε πει τότε στον κρυπτογράφο που ήταν ένα γνωστό ζήτημα, και το χαρακτήρισε "αναμενόμενη συμπεριφορά".
Update: Saturday 14 January 6.51am: The post has been updated to add the official responses to her claims Guardian from Facebook and WhatsApp.
https://iguru.gr/152819/whatsapp-backdoor-facebook-and-whatsapp-responded
