WhatsApp encryption was introduced to safeguard user messages. However, a bug present in the code can potentially be exploited to gain access to your chats.
For those who are not familiar with the technology, WhatsApp encryption works “end-to-end”. This means that when you send out a message, it gets encrypted before leaving your device. The “key” to decrypting the message is sent separately to the user receiving the message. When it arrives on his device, he can decrypt the message using the key.
If someone tries to hack one of your messages while it’s en route to your friend’s device, all the hacker would see is a bunch of gibberish because he doesn’t have the “key”. This way your messages stay safe.
However, as reported by the Guardian, WhatsApp encryption is not as flawless as we thought earlier.
“A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service. Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could, in fact, read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.”
Proponents of privacy claim this bug to be a “huge threat to freedom of speech”, because if Facebook can read your messages, it’s only one Draconian law away from the Government having access to your messages.
As explained by Tobias Boelter, a cryptography and security researcher at the University of California, who discovered the WhatsApp encryption flaw in the first place: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”
Boelter did take up the matter with Facebook (which owns WhatsApp), but they didn’t seem too concerned. They said no one at Facebook would ever read your messages. And speaking of the government pressuring tech giants into giving up their data, a representative from WhatsApp later commented that they would not cave in to governments anywhere and that their users’ privacy was their top priority.
“WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.”
As for the problem itself, it is known to surface most often when your messages don’t get delivered to the recipient immediately. The WhatsApp encryption keys usually have a short life, and they expire if not used within a specified time frame. In such situations, WhatsApp generates another code and resends the messages. This process is repeated until your message gets delivered.
“We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because, in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.”
Now that the matter has come to public attention, we hope Facebook will upgrade the WhatsApp encryption protocol. In the meantime, we recommend that all our users enable the following security feature:
Go to Settings > Account > Security. Toggle the switch to “on” under “Show security notifications”.
Once you enable this feature, WhatsApp will notify you every time there’s a change in the encryption keys or if one of the encryption modules has been changed without your notice.
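The resend-on-key-change behaviour and the notification setting described above can be modelled in a few lines. This is an added illustration, not WhatsApp's code: the class, its methods, the `fingerprint` helper and the sample keys are all made up for the example, and no real encryption is performed (the log only records which key each message was sent under).

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(public_key: bytes) -> str:
    """Short digest of a public key, standing in for the security code."""
    return hashlib.sha256(public_key).hexdigest()[:16]


@dataclass
class SenderModel:
    """Hypothetical model of the sending client (assumption, not real code)."""
    show_security_notifications: bool = False        # the setting from the article
    keys: dict = field(default_factory=dict)         # contact -> key fingerprint
    undelivered: dict = field(default_factory=dict)  # contact -> queued messages
    sent_log: list = field(default_factory=list)     # (contact, fingerprint, message)
    notifications: list = field(default_factory=list)

    def send(self, contact: str, message: str, contact_key: bytes) -> None:
        # The first key seen for a contact is remembered.
        fp = self.keys.setdefault(contact, fingerprint(contact_key))
        self.sent_log.append((contact, fp, message))
        self.undelivered.setdefault(contact, []).append(message)

    def on_delivered(self, contact: str) -> None:
        self.undelivered.pop(contact, None)  # nothing left to resend

    def on_key_change(self, contact: str, new_key: bytes) -> None:
        old, new = self.keys.get(contact), fingerprint(new_key)
        if old == new:
            return
        self.keys[contact] = new
        # Queued messages are bound to the new key and resent without asking.
        for message in self.undelivered.get(contact, []):
            self.sent_log.append((contact, new, message))
        # The user only hears about the change if the setting is on.
        if self.show_security_notifications:
            self.notifications.append(f"{contact}: security code changed {old} -> {new}")


def demo(notify: bool) -> SenderModel:
    client = SenderModel(show_security_notifications=notify)
    client.send("bob", "hi", b"constructed-key-1")
    client.on_delivered("bob")                              # delivered at once
    client.send("bob", "meet at 6", b"constructed-key-1")   # recipient offline
    client.on_key_change("bob", b"constructed-key-2")       # constructed sample keys
    return client
```

In this model the setting changes only what the user is told: the undelivered message goes out under the new key either way, while the already delivered one is never resent.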
We hope this helps. Stay safe, people!