“Backdoor” in WhatsApp is in fact a feature | Zealmat Tech Blog

Saturday

“Backdoor” in WhatsApp is in fact a feature

Share... ☂

Share on Facebook
Share on Twitter
Share on Google+
At issue is the way WhatsApp behaves when an end user's encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change. By enabling a security setting, users can configure WhatsApp to notify the sender that a recently transmitted message used a new key.

Image

"The fact that WhatsApp handles key changes is not a 'backdoor,'" he wrote in a blog post. "It is how cryptography works. Any attempt to intercept messages in transmit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system."  He went on to say that, while it's true that Signal, by default, requires a sender to manually verify keys and WhatsApp does not, both approaches have potential security and performance drawbacks. For instance, many users don't understand how to go about verifying a new key and may turn off encryption altogether if it prevents their messages from going through or generates error messages that aren't easy to understand.

Security-conscious users, meanwhile, can enable security notifications and reply on a "safety number" to verify new keys.


Ultimately, there's little evidence of a vulnerability and certainly none of a backdoor—which is usually defined as secret functionality for defeating security measures. WhatsApp users should strongly consider turning on security notifications by accessing Settings > Account > Security.
Share :

zealmatblog

1 comment:

  1. I was wondering if you ever considered changing the page layout of youhr
    website? Itss very well written; I love what
    youve got to say. But maybe you could a little
    more in the way of content sso people could connect with it
    better. Youve got ann awful lot of text for only having one or two pictures.
    Maybe you could space itt out better?

    ReplyDelete



Parse Your Adsense HTML code Here





We love to hear from you!

Sign in to comment "anonymously" without entering verification text.