WhatsApp Encrypted Messages are not End-to-End Secure At Least

WhatsApp, if wanted, could eavesdrop into your messages.

The popular WhatsApp messenger which is best known to provide end-to-end encryption with the messages you send and receive are not actually secure at end-to-end. WhatsApp itself can break it if wanted via a backdoor which, according to the Guardian report, can be used upon Government demand.

While the care takers of the messenger and of its evolution have quickly responded to the report with a clear cut statement “WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.”

The way, not to call it as a bug but may be an intentional feature, allows the engineers at WhatsApp to generate a new encryption key for an offline user while forcing the sender to re-encrypt and send the message again using the new key. The process of re-encrypting and re-sending the message with a key generated by WhatsApp allows it to decrypt the messages being sent with its own key.

Additionally, it’s also reported that recipients will never know that messages which were intended for them were already seen by someone else. On the other side, the sender will only be notified with the forced-change in encryption if they had enabled security notifications in the settings but that also doesn’t reveal if someone at WhatsApp had intercepted leaving the sender think about knowing if he/she really was eavesdropped due to the encryption change because it’s a normal behaviour at user end and encryption changes from time to time.

The report held this as a security backdoor, but not a bug, which was discovered by Tobias Boelter, a cryptography and security researcher at University of California, Berkeley. It also suggested this backdoor can be used to intercept users’ discussions if asked by Government’s agencies.

Previously in April 2016, the flaw has been reported to the makers but no action was taken to fix this which could also lead you think that WhatsApp had knowledge about this already or may be they intentionally put it there for their selves – this is their product though. On the report WhatsApp claimed that user’s security code change at client level whenever a phone or SIM card is changed, or WhatsApp is re-installed. As well it allows the makers to make sure that messages are delivered which is not possible if the backdoor wasn’t there – or say if the encryption was really 100% end-to-end.

So WhatsApp has already clarified about the situation and why they need this bug-cum-feature for the system to work great while having monitor on the message flow whenever they need or want. Now you know your messages are indeed secure but not only among you and your peer but also the middle man WhatsApp itself.

But a thing still remains questionable as right at the security settings in WhatsApp (see above screen), it states “When possible, the messages you send and your calls are secured with end-to-end encryption, which means WhatsApp and third parties can’t read or listen to them”. It clearly cheats the user by saying that even WhatsApp can’t intercept. Or the phrase “When possible,” in the full statement could be a key to understand that there were situations when your messages or calls could be intercepted?

Well that’s it. If you take your privacy and security as vital, you can frequently get your security code changed by re-installing the app which is not that great idea anyway. Or you can just keep chatting with your friends and family and don’t care about it.