WhatsApp engineers share their fears about the app being vulnerable to government monitoring via n internal report. While the WhatsApp structure doesn’t exhibit any vulnerability, the existing network monitoring techniques may help governments bypass the app’s encryption to monitor users’ app usage pattern.
Government May Bypass WhatsApp Encryption For Monitoring
According to an internal Meta report, WhatsApp engineers have noticed a severe security issue making WhatsApp users vulnerable to government monitoring. First disclosed by The Intercept, the report reveals WhatsApp employees’ fears for the privacy and security of their users.
As reported, the problem—or security lapse—isn’t because of any technical vulnerability. Meta spokesperson Christina LoNigro assured that no backdoors or vulnerabilities exist in WhatsApp’s workings. However, the problem exists because of the current network monitoring techniques governments employ, or may employ, to monitor their citizens’ digital activities.
Using network monitoring and traffic analysis, authorities can identify WhatsApp users—senders and receivers alike—and their locations (via the IP addresses), deducing whether a respective user is part of a WhatsApp group. While the exact chat contents remain veiled due to the underlying WhatsApp encryption, the metadata gathered via traffic analysis suffices for the authorities to profile target users.
Regarding the practical exploitation of this scenario, Meta officials mention Israel as a state targeting Palestinian WhatsApp users.
This security issue doesn’t typically risk WhatsApp only. Almost every service encrypting users’ communications can be surveilled in this manner. However, given WhatsApp’s huge user base (roughly 2 billion) and the typical pattern of WhatsApp traffic flowing through Meta servers, the risk is far greater for WhatsApp users.
Though the engineers have internally reported the matter to Meta management, there seem no specific plans from the management to address this issue anytime soon.
Is There A Fix?
While the report sounds terrifying, average WhatsApp users need not worry much about such monitoring since not all governments apply such intensive network monitoring. (Though, they may do it at any time as needed.)
Nonetheless, considering that the threat persists—particularly for citizens in authoritarian regimes—using means such as VPN may significantly help them avoid WhatsApp surveillance. While the VPN’s encryption would still be detectable, it will at least save users from the specific exposure of WhatsApp usage, encrypting all internet activities alike.
Besides, users must remain wary of WhatsApp spam messages, unsolicited calls, and group invites. Even with trusted contacts, users must avoid sharing sensitive details or information they don’t want snoopers to know. Instead, users may switch to other securer means of communication for sharing sensitive stuff.
Let us know your thoughts in the comments.