WhatsApp's end-to-end encryption is not entirely safe, says report
A security backdoor exists that could let Facebook intercept your messages.
Facebook and other applications can intercept and read your WhatsApp messages, according to a report in The Guardian. The end-to-end encryption in WhatsApp was introduced in April 2016 in a huge boost to privacy technology.
WhatsApp’s end-to-end encryption is based on technology that scrambles messages in such a way that requires keys to unscramble them. These keys were supposed to only be shared between the phones sending messages to each other, without even WhatsApp having access. New research, however, suggests that while users are offline, WhatsApp has the power to change these keys, potentially making them much less secure.
Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley, made the discovery of this security backdoor. Boelter says the company could use this backdoor to access entire conversations. Boelter also told The Guardian that he had notified Facebook of this issue last year when the end-to-end encryption was rolled out.
WhatsApp’s end-to-end encryption works on the generation of unique security keys using Signal protocol, which has been endorsed by Edward Snowden. In a tweet in November 2015, Snowden said he used Signal “every day”.
In April 2016, the Facebook-owned messaging service, WhatsApp, rolled out end-to-end encryption across all devices supporting the platforms. “WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp,” it had said.
Addendum: WhatsApp has denied the report and said it does not give governments a backdoor into its systems.