Security researchers have discovered a “backdoor” in WhatsApp that can be used by Facebook and others to read messages shared on the app, says a report. Privacy advocates have expressed concern over the revelation and have warned that “it can be used by government agencies to snoop on users who believe their messages to be secure.”
The report, published in The Guardian, is based on the findings of a security researcher. “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Tobias Boelter, the security researcher who discovered the backdoor, told The Guardian. Boelter claimed that he had already warned Facebook about the backdoor vulnerability last year but the company replied that it was not a common issue and that it was working to fix it.
WhatsApp last year turned on encryption for all communication carried through its app. The encryption feature works on unique security keys that are generated using the Signal protocol developed by Open Whisper Systems. These keys are exchanged and verified between WhatsApp users to ensure that the communication is secure and can’t be tracked or hacked. However, WhatsApp apparently also retains the ability to re-encrypt messages for offline users, thus allowing the app to snoop on its users’ messages. This was found by Boelter.
“It is a huge threat to freedom of speech, for it to be able to look at what you’re saying if it wants to. Consumers will say, I’ve got nothing to hide, but you don’t know what information is looked for and what connections are being made,” Professor Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance and Privacy, told The Guardian.
While announcing the encryption feature earlier, WhatsApp had made a big deal about it. “Encryption is one of the most important tools governments, companies, and individuals have to promote safety and security in the new digital age. Recently there has been a lot of discussion about encrypted services and the work of law enforcement. While we recognize the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people’s information to abuse from cybercriminals, hackers, and rogue states,” the company noted on its blog.
The app has been lauded for its stance on privacy. But at the same time, it also caused a flutter among activists and users last year when it announced that it would share some of its users’ data with Facebook.