Recently the allegations of WhatsApp having a backdoor that is used for third-party snooping went viral on social media platforms. Now all these allegations are shot down by WhatsApp, which called the allegations false.
On last Friday, news outlet from The Guardian reported that a cryptography researcher found a backdoor in WhatsApp’s messaging service which could “allow Facebook and others to intercept and read the encrypted messages.”
In a short statement, WhatsApp said the claim was not true:
“WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor. The design decision referenced in The Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.”
The Guardian report included the research by Tobias Boelter who is a cryptography and security researcher at University of California, Berkeley. Last April, Tobias took these findings to WhatsApp and published a report that what he posted could be either a backdoor or a flaw in WhatsApp’s messaging platform. Tobias Boelter later said The Guardian that the “backdoor” gave WhatsApp ability to read messages because of the way the company has implemented its end-to-end encryption protocol. Reporters quoted Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance and Privacy who verified Boelter’s research and stated the “backdoor” made WhatsApp an “an extremely insecure platform.”
The Guardian explains Boelter’s alleged backdoor like this:
WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.