Backdoor in WhatsApp

WhatsApp claims to be one of the most secure messaging apps, with encryption so strong that even its founders cannot read the content.

However, there appears to be a backdoor that allows WhatsApp messages to be disclosed.

Tobias Boelter, a cryptographer and security researcher at the University of California, told the Guardian: "If WhatsApp is asked by a government agency to disclose its messages, it may grant access by changing the keys."

The cryptographer who discovered the backdoor in WhatsApp said that Facebook and others could potentially intercept and read the application's "encrypted" messages.

Facebook, meanwhile, has claimed that no one can intercept WhatsApp messages, not even the company's own staff. The researcher's findings appear to contradict that claim.

WhatsApp uses end-to-end encryption that is supposed to produce unique security keys using the Signal protocol created by Open Whisper Systems.

WhatsApp can issue new encryption keys for users who are offline. The sender's application then re-encrypts any messages that have not yet been delivered with the new keys and sends them again.

The recipient is not notified of the key change, and the sender is informed only if he has opted in to encryption alerts, and only after the messages have already been resent. This "re-encryption" mechanism is what gives WhatsApp access to read each user's messages.

Professor Kirstie Ball, one of the founding members of the Centre for Research into Information, Surveillance and Privacy, said that this particular backdoor is a "huge threat" to freedom of speech and a "gold mine for security services", while some users are warning people to stop using WhatsApp.

The application can resend messages that have not been delivered with a new security key, so the company's staff can access them. It seems that the backdoor is not connected to the Signal protocol since the Open Whisper Systems Signal messaging application has no security problem.
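The resend-on-key-change behaviour described above can be modelled as a sender-side policy. The following is an added example, not code from WhatsApp, Signal, or the original article: the `Sender` class, its method names, and the key values are hypothetical, no real encryption is performed, and the blocking policy is one common mitigation assumed here for comparison.

```python
import hashlib

def fingerprint(identity_key: bytes) -> str:
    """Short digest a user could compare out of band."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

class Sender:
    """Toy sender client; no real encryption, only the key-change policy."""

    def __init__(self, block_on_key_change: bool):
        self.block_on_key_change = block_on_key_change
        self.pinned = {}    # contact -> fingerprint currently trusted
        self.pending = {}   # contact -> undelivered messages
        self.events = []    # what the user is shown, in order

    def send(self, contact, server_key, text):
        # Trust on first use: pin whatever key the server advertises first.
        self.pinned.setdefault(contact, fingerprint(server_key))
        self.pending.setdefault(contact, []).append(text)

    def _release(self, contact, new_fp):
        # Hand over undelivered messages, addressed to the new key.
        self.pinned[contact] = new_fp
        return [(new_fp, m) for m in self.pending.pop(contact, [])]

    def on_key_change(self, contact, new_key):
        """The server announces a new key for a contact that was offline."""
        new_fp = fingerprint(new_key)
        if new_fp == self.pinned.get(contact):
            return []
        if self.block_on_key_change:
            # Nothing leaves the device until the user confirms the new key.
            self.events.append(("blocked_pending_verification", contact))
            return []
        # Behaviour described in the article: resend first, alert afterwards.
        resent = self._release(contact, new_fp)
        self.events.append(("resent_then_notified", contact))
        return resent

    def user_verified(self, contact, new_key):
        """User compared fingerprints out of band and accepts the new key."""
        return self._release(contact, fingerprint(new_key))

OLD_KEY, NEW_KEY = b"constructed-old-key", b"constructed-new-key"  # sample values
```

With `block_on_key_change=False` the undelivered message is released to the new key before any alert is recorded; with `True` it stays in `pending` until `user_verified` is called.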

Facebook has reportedly known about the issue since April 2016. At the time, the company told the cryptographer that it was a known issue and described it as "expected behavior".

Update: Saturday 14 January 6.51: The publication was updated to add the official responses from Facebook and WhatsApp to the Guardian's allegations.

https://iguru.gr/152819/whatsapp-backdoor-facebook-and-whatsapp-responded

 


Written by giorgos
