WhatsApp has had a system that secures the transmission of messages between users for several months, the company presenting it as perfect for facilitating safe conversations. Unfortunately, a vulnerability was discovered in the WhatsApp system for securing the transmission of messages, so they can be intercepted by hackers and not only that.
The vulnerability of the WhatsApp message security system was discovered by a computer security researcher, and he claims that Facebook could read the messages. Considering that Facebook can intercept WhatsApp messages, the company can provide this data including to the authorities, if they are requested by the judges.
Although the WhatsApp system was designed so that no one can intercept the messages, not even WhatsApp or Facebook, the implementation made in the platform also implies maintaining a major vulnerability. According to the one who discovered this problem, the Facebook company is perfectly aware of the vulnerability and keeps it consciously.
WhatsApp – messages can be intercepted by Facebook
The WhatsApp vulnerability implies the possibility that the encryption key of the messages can be changed from the servers, even when the users are offline. Any messages not sent until reconnecting to the Internet will be sent with the new security key, without the user knowing, and those from Facebook and WhatsApp could intercept and read them whenever they want.
"The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users' messages."
The same message security system is used by the Signal application, but unlike WhatsApp, when the security key is changed there, the messages are not sent. Those from Facebook were warned about the vulnerability of WhatsApp, but they stated that in fact everything is normal, so the problem has not been solved until now.
"Professor Kirstie Ball, co-director and founder of the Center for Research into Information, Monitor and Privacy, called the existence of a backdoor within WhatsApp's encryption "a gold mine for security agencies" and "a huge betrayal of user trust" [...]"
Facebook refused to comment on the accusations, but since it said that this vulnerability of WhatsApp is actually something normal, its intentions are as clear as possible. Facebook has also been accused in the past of spying on users for US intelligence agencies, and this new WhatsApp problem generates a new scandal for the American company.
