WhatsApp Could Threaten User Privacy With App Flaw

According to a report from The Guardian, there was a way for the app to access your private messages. It says that WhatsApp's encryption depends on the swapping and verifying of unique digital keys between users, keeping communication between them only. The keys are made with the help of Open Whisper Systems' Signal protocol.

However, the report says that whenever you send a message while the recipient is offline, WhatsApp generates a new encryption key and can automatically resend the unsent PMs. This means that a copy of the message is available and would be accessible to Facebook and governments.

The alleged security loophole was discovered by a PhD cryptography and security researcher from UC Berkeley named Tobias Boelter who fed information to the Guardian: "If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys."

Steffen Tor Jensen, the European-Bahraini Organisation for Human Rights head of information security and digital counter-surveillance also verified this loophole.

"WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform," he told the paper.

WhatsApp said that it would be sharing user information, including phone numbers and app use for advertisements with its parent company Facebook in August 2015. This could have been the start of all the suspicions directed towards WhatsApp, however, apprehensions over the WhatsApp user privacy has been rampant ever since Facebook $22 billion acquisition in 2014.

A Facebook spokesperson responded that the claim that WhatsApp has a backdoor allowing governments to force WhatsApp to decrypt messages streams is false, further explaining that WhatsApp does not give governments a backdoor would even fight any government request to create a backdoor.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics