WhatsApp has 'bug' that could be exploited

WhatsApp has 'bug' that could be exploited

Screen grab of smartphone showing icons for Facebook and WhatsApp

WhatsApp has a security bug that could allow encrypted messages to be intercepted from the popular messaging app that owner Facebook has said promises end-to-end encryption.

WhatsApp, acquired by Facebook in 2014, said last year that all communications such as text messages, videos and other files flowing the service would be encrypted. The app has become hugely popular, with more than 1 billion users.

About the time that WhatsApp announced its end-to-end encryption, cryptography and security researcher Tobias Boelter at the University of California-Berkeley contacted WhatsApp about a flaw he had found in the app. He found that undelivered messages -- perhaps because the receiver of the message was offline or had changed their phone number -- could be intercepted either by an attacker or WhatsApp itself, he says.

Thats because WhatsApp makes new encryption keys for undelivered messages and those could be intercepted by a third party that is not WhatsApp. WhatsApp itself, since it is generating another version of the message, has it on its servers, too.

In an interview with The Guardian, Boelter said, “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”

Boelter also did a presentation on the WhatsApp vulnerability earlier this year -- a video is posted on Twitter -- and wrote about the situation on his blog in May saying that "next time the FBI will not ask Apple but WhatsApp to ship a version of their code that will send all decrypted messages directly to the FBI."

He contacted Facebook and WhatsApp about the vulnerability in April 2016 and, in May, Facebook told him the company is not "actively working on changing" it.

A WhatsApp spokesperson told The Guardian that users can change their security settings so that they know when a contact's key or code is changed. "We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit,” the company told The Guardian.

Privacy advocates had been concerned with WhatsApp on another issue, too. In August 2016, WhatsApp said it would begin sharing data with Facebook, as a way to better serve users and fight spam. But the requirement that users opt-out of the feature led privacy groups including Electronic Privacy Information Center to file complaints with the Federal Trade Commission.

EPIC called the move an "unfair and deceptive trade practice." And European Union Commissioner Margrethe Vestager said Facebook "gave us incorrect or misleading information during the investigation into its acquisition of WhatsApp."



Add Comment

all comments

  Other news

more
Sunstroke suspected over baby death in car

Sunstroke suspected over baby death in car..

26-May, 08:24

A post-mortem examination is expected to take place on Friday after the...

Should you enroll in Medicare? For most, answer is yes

Should you enroll in Medicare? For most, answer is yes..

26-May, 08:56

Don't be late! When should you sign up for Medicare? There isn't exactly...

Chipotle identifies malware used in credit card hack

Chipotle identifies malware used in credit card hack..

26-May, 20:24

Chipotle released further information about a data breach on Friday....

Just Cool Cars: '61 VW Westfalia camper is a marvel

Just Cool Cars: '61 VW Westfalia camper is a marvel..

27-May, 04:50

John Tanner, of Valenica, Calif., with his 1961 Volkswagon Westfalia...

The Latest: Germany backs Tusk re-election to EU top job

The Latest: Germany backs Tusk re-election to EU top job..

09-Mar, 05:38

The Latest on the European Union summit taking place Thursday and Friday...

Professor behind designated drivers takes on distracted ones

Professor behind designated drivers takes on distracted ones..

05-Apr, 17:40

A Harvard University professor who introduced Americans to the concept of...

Portuguese Teens Who Left Names on Auschwitz Gate Sentenced

Portuguese Teens Who Left Names on Auschwitz Gate Sentenced..

08-Feb, 15:24

Two Portuguese teenagers who wrote their names on a gate of the former...

Teen Rapper Episode 1

Teen Rapper Episode 1..

11-Feb, 19:24

The following Teen Rapper Episode 1 English Sub has been released. Full...