WhatsApp Backdoor could allow Hackers to intercept Messages
WhatsApp has a potential security problem.
Private messages could be spied on due to the way the app uses encryption.
Unique security keys used in the technology have a potential weak spot, the Guardian reports.
Each time a message is sent between users these keys are swapped, which ensures the communication is being sent to the right person and no-one else can access it.
But it has emerged WhatsApp sometimes makes a user change the keys without their knowledge, which means a hacker may be able to intercept the messages without the software realising.
‘If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,’ said security researcher Tobias Boelter, who discovered the backdoor.
The good news is there is already a fix in place for the potential security risk.
You have to click on the settings option and then the security tab.
This should take you to a single option called ‘Show Security Notifications’.
Turn this on and you’re good to go. You will now be alerted each time a security key changes.
WhatsApp uses the Signal protocol for its end-to-end encryption.
WhatsApp said in a statement: ‘At WhatsApp, we’ve always believed that people’s conversations should be secure and private.
‘Last year, we gave all our users a better level of security by making every message, photo, video, file and call end-to-end encrypted by default.
‘As we introduce features like end-to-end encryption, we focus on keeping the product simple and take into consideration how it’s used every day around the world.’
A WhatsApp spokesperson added: ‘The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. This claim is false.
‘WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor.
‘The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks.
‘WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.” – WhatsApp spokesperson