“Backdoor” in WhatsApp is in fact a feature

At issue is the way WhatsApp behaves when an end user’s encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change. By enabling a security setting, users can configure WhatsApp to notify the sender that a recently transmitted message used a new key.


“The fact that WhatsApp handles key changes is not a ‘backdoor,’” he wrote in a blog post. “It is how cryptography works. Any attempt to intercept messages in transit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system.”

He went on to say that, while it’s true that Signal, by default, requires a sender to manually verify keys and WhatsApp does not, both approaches have potential security and performance drawbacks. For instance, many users don’t understand how to go about verifying a new key and may turn off encryption altogether if it prevents their messages from going through or generates error messages that aren’t easy to understand.

Security-conscious users, meanwhile, can enable security notifications and rely on a “safety number” to verify new keys.

Ultimately, there’s little evidence of a vulnerability and certainly none of a backdoor—which is usually defined as secret functionality for defeating security measures. WhatsApp users should strongly consider turning on security notifications by accessing Settings > Account > Security.
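
A simplified model of the sender-side behaviour described above, added here as an illustration and not taken from WhatsApp, Signal, or the original article. The `SenderClient` class, its `blocking` and `notify` flags, and the truncated SHA-256 fingerprint standing in for a safety number are all assumptions; the keys are constructed sample values.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(identity_key: bytes) -> str:
    """Short digest two users could compare out of band (stand-in for a safety number)."""
    return hashlib.sha256(identity_key).hexdigest()[:16]

@dataclass
class SenderClient:
    blocking: bool = False   # True: hold messages until the new key is verified
    notify: bool = False     # True: security notifications are enabled
    known: dict = field(default_factory=dict)    # contact -> trusted fingerprint
    events: list = field(default_factory=list)   # notices shown to the sender
    held: list = field(default_factory=list)     # messages awaiting verification

    def send(self, contact: str, served_key: bytes, text: str) -> str:
        """Send `text` to the key the server currently serves for `contact`."""
        fp = fingerprint(served_key)
        trusted = self.known.setdefault(contact, fp)   # trust on first use
        if fp != trusted:
            if self.blocking:
                self.held.append((contact, text))
                self.events.append(f"{contact}: key changed, verify {fp} before sending")
                return "held"
            if self.notify:
                self.events.append(f"{contact}: key changed, new fingerprint {fp}")
            self.known[contact] = fp   # non-blocking: accept the new key and continue
        return f"sent under {fp}"

    def verify(self, contact: str, served_key: bytes, fp_out_of_band: str) -> list:
        """Release held messages only if the out-of-band fingerprint matches."""
        fp = fingerprint(served_key)
        if fp != fp_out_of_band:
            return []
        self.known[contact] = fp
        released = [t for c, t in self.held if c == contact]
        self.held = [(c, t) for c, t in self.held if c != contact]
        return released

def demo() -> dict:
    old, new = b"constructed-key-A", b"constructed-key-B"   # constructed sample keys
    out = {}
    settings = {"default": {}, "notify": {"notify": True}, "blocking": {"blocking": True}}
    for name, kwargs in settings.items():
        client = SenderClient(**kwargs)
        client.send("bob", old, "hi")
        out[name] = (client.send("bob", new, "again"), list(client.events))
    return out
```

With the default settings the second message goes out under the new key and the sender sees nothing; with `notify` the same delivery happens but a key-change notice is recorded; with `blocking` the message is held until the fingerprint is confirmed.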

About Mathias Amodu 894 Articles
