
Concerns arise over WhatsApp encryption weakness

WhatsApp has been trying to improve its standing on privacy and security since last year, when the messaging service introduced end-to-end encryption. Unfortunately, it turns out that WhatsApp's encryption isn't keeping messages as secure as one would hope. Several months back, security researchers discovered a backdoor in WhatsApp's encryption that leaves messages vulnerable to interception. The messaging service was notified but has not patched it.

Security researcher Tobias Boelter was the first to make the vulnerability public, after notifying WhatsApp and giving them ample time to come up with a patch.


WhatsApp uses the Signal protocol to generate unique security keys for its encryption. However, the company also has a way to force the generation of new encryption keys for undelivered messages without the knowledge of the sender. Once new keys are generated, the undelivered messages are automatically resent under them, which could allow the company to intercept and read those messages, or theoretically to hand off access to other agencies.

Facebook has since commented on this method, saying that forcing new encryption keys is there to help stop messages being lost in transit:

“Last year, we gave all our users a better level of security by making every message, photo, video, file and call end-to-end encrypted by default. In WhatsApp’s implementation of the Signal protocol, we have a “Show Security Notifications” setting (option under Settings > Account > Security) that notifies you when a contact’s security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.”

It doesn't really address all of the concerns raised by security researchers, but from the sounds of it, Facebook won't be making any changes.
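The difference between resending automatically and waiting for the sender can be shown with a small model. This is an added example, not WhatsApp or Signal code: it uses no real cryptography, and the `hold` policy, the key labels and the assumption that the notification only appears after the resend are all constructed for illustration.

```python
# Toy model of a sender's outbox when a contact's key changes while messages
# are still undelivered. "Encryption" only records which key a message was sealed to.
from dataclasses import dataclass, field

@dataclass
class Outbox:
    policy: str                       # "auto_resend" (behaviour described in the article) or "hold" (hypothetical)
    show_notifications: bool = False  # models the "Show Security Notifications" setting
    trusted_key: str = ""
    pending: list = field(default_factory=list)  # undelivered plaintexts
    held: list = field(default_factory=list)     # waiting for the sender's decision
    sent: list = field(default_factory=list)     # (plaintext, key it was encrypted to)
    notices: list = field(default_factory=list)  # what the sender gets to see

    def on_key_change(self, new_key):
        """The server announces a new key for the contact."""
        if new_key == self.trusted_key:
            return
        if self.policy == "auto_resend":
            # Re-encrypt and resend without asking; the sender learns of it
            # afterwards, and only if notifications are switched on (assumption).
            self.sent += [(m, new_key) for m in self.pending]
            self.trusted_key = new_key
            if self.show_notifications:
                self.notices.append("security code changed (messages already resent)")
        else:
            # Hypothetical alternative: nothing leaves until the sender verifies.
            self.held += self.pending
            self.notices.append("security code changed: verify before resending")
        self.pending.clear()

    def confirm_key(self, new_key):
        """The sender verified the new key out of band; release held messages."""
        self.trusted_key = new_key
        self.sent += [(m, new_key) for m in self.held]
        self.held.clear()

def exposed_to(outbox, key):
    """Plaintexts encrypted to `key`, i.e. readable by whoever holds it."""
    return [m for m, k in outbox.sent if k == key]

def simulate(policy, show_notifications=False):
    """One undelivered message, then a key change the sender has not verified."""
    box = Outbox(policy, show_notifications, trusted_key="KEY_CONTACT_OLD")
    box.pending.append("constructed sample message")
    box.on_key_change("KEY_UNVERIFIED")
    return box
```

With `auto_resend`, the sample message ends up encrypted to the unverified key whether or not the notification setting is on; with `hold`, it stays on the device until `confirm_key` is called.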

KitGuru Says: In reality, this won't really affect many people and most people don't really have any reason to worry. However, if you happen to be super conscious about privacy and security, then you may want to look into these vulnerabilities a little more.
