Backdoor in WhatsApp

WhatsApp claims to be one of the most secure messaging applications, and says it has the ability to encrypt so much that even its founders can not access the content.

However, there seems to be one which allows WhatsApp messages to be notified.

Tobias Boelter, a cryptographer and security researcher at the University of California, told Guardian that "If WhatsApp is asked by a government agency to disclose its messages, it may grant access by keys.”WhatsApp

The cryptographer who discovered the backdoor on WhatsApp reported that but others could potentially steal and read the app's "encrypted" messages.

Facebook has meanwhile claimed that no one can intercept messages from WhatsApp, even the company's own staff. But the researcher seems to refute them.

The WhatsApp app uses end-to-end encryption that is supposed to generate unique security keys using the Signal protocol, created by Open Systems.

The application provides offline users with encryption keys. The sender, on the other hand, can re-send encrypted messages with new keys. So it can send unsaved messages again.

The recipient has not been notified of the change in encryption, and the sender is only informed if he has chosen to receive encryption alerts and only after the messages have been resent. Specifically, this method of "re-encryption" gives access to WhatsApp to read the messages of each user.

Professor Kirstie Ball, one of the founders of the Center for Research into Information, Surveillance and Privacy, said that this backdoor is a "huge threat" to freedom of speech and " gold mine for security services ”, while some Twitter users warn people to stop using WhatsApp.

The application can resend messages that have not been delivered with a new security key, so the company's staff can access them. It seems that the backdoor is not connected to the Signal protocol since the Open Whisper Systems Signal messaging application has no security problem.

Facebook has reportedly been informed of the issue since April 2016. The company had then told the cryptographer that it was a known issue, and described it as "expected behavior".

Update: Saturday 14 January 6.51: The publication was updated to add the official responses to the allegations Guardian from Facebook and WhatsApp.

https://iguru.gr/152819/whatsapp-backdoor-facebook-and-whatsapp-responded

 

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

2016backdoor cutsFacebookhttpsI'm sureiguru.grinformationofflineopenprotocolresearchsignalsTwitterwhatsappwhisperbetter safetysecuritycompanyapplicationsapplicationencryptioninformationserviceservicesusers

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).