Edit this page
Modify this page
Edit this string
         
WhatsApp Vulnerability Leaves Backdoor Open To Snooping


The hugely popular mobile messaging app WhatsApp has a vulnerability that allows third-party snooping on its encrypted platform.

The end-to-end encryption that the Facebook-owned company is famous for providing could be intercepted by a middle-man through a vulnerability that creates a ‘backdoor’ into the security system of one of the most widely used chat apps in the world.

Telegraph reports:

Fears over users’ privacy were sparked after Tobias Boelter, a security researcher at the University of California, Berkeley, discovered a backdoor in WhatsApp’s method of end-to-end encryption. The encryption technology was added last year (2016) to ensure that no one – including the company – can read a user’s messages other than them.”

It means the company could intercept messages sent to phones that aren’t connected to the internet and forward them on to a separate device without the sender or receiver knowing. The messages could still be sent to the intended device, leaving users that don’t have security notifications switched on completely unaware.

If WhatsApp was asked by a government agency to disclose its messaging records it can effectively grant access due to the change in keys” Boelter told the Guardian.

The vulnerability, which is unique to WhatsApp rather than the Signal security protocol it uses, can also be used to retrieve entire message transcripts, Boelter said. This is particularly worrying for activists, journalists and regular citizens living in oppressive countries.

Some might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations. This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”

Boelter told Facebook about the flaw last spring (2016), but the company said it was “expected behaviour” and has not attempted to fix it.

Experts said the findings were “serious” and “alarming” at a time when governments are looking for ways to bypass encryption, and criticized the company for violating users’ privacy.

The potential for government abuses from this misuse of encryption with WhatsApp is alarming,” said Kevin Bocek, chief cyber security strategist at Venafi. “This is a serious vulnerability.”

Bocek urged companies to put systems in place that protect cryptographic keys quickly when needed. “This is critical at a time when governments worldwide are attempting to break down and intrude on the use of encryption to protect privacy, a basic right for people worldwide.”

WhatsApp said it implemented the backdoor to make it easier for users, with the most common reason for security codes changing being when a user switches their device or re-installs the app.

In many parts of the world, people frequently change devices and SIM cards” the company said. “In these situations, we want to make sure people’s messages are delivered, not lost in transit.

WhatsApp does not give governments a backdoor into its systems and would fight any government request to create one. The design decision prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks.

WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.

How to protect your messages

WhatsApp users can alter their settings to receive an alert whenever there is a change made to encryption. This means that they would get a notification if one of their messages was redirected to a device with a different key. To set up encryption warnings go to SettingsAccountSecurity → Turn on Show security notifications.

Another option is to use other messaging apps that boast more secure encryption, such as Signal.
 
 
yogaesoteric
April 19, 2017
 

Articles published recently

> 20 FebruaryThe satanic Cabal puppets are on the rack to overthrow Trump from power…

> 19 FebruaryHuffPo Censored and Deleted Anti-Pharma Vaccine Post from Their Website. Read It Here

> 19 FebruaryHuman Rights Activists Are Asking 8 Countries How Much They Spy on Each Other’s Citizens

> 18 FebruaryGovernment Report: In 20 Years A.I. Implants Will Allow Humans To Control Our World

> 18 FebruaryMagicians and Their Masters Rule the World, Not Politicians, Lawyers, Bankers, Aristocrats and Monarchs

> 18 FebruaryEndgame: Disclosure and the Final Defeat of the Cabal (5)

> 17 FebruaryFinally Parents Begin Removing Their Children From Public Indoctrination Center Over Teaching Transgenderism

> 17 FebruaryExposed: CIA – The Swamp Monsters (3)

> 17 FebruaryThe creation of the Rockefeller pharma industry

> 17 FebruaryAll Wars Are Bankers Wars! (2)

> 16 FebruaryNew sensational truths come to light on the international arena of the flaming struggle between the forces of good and evil

> 16 FebruaryOne organization controls behind the scenes almost everything human beings on this planet see, hear and read in the media...

> 15 FebruarySeven Years Ago Today, the US Helped Murder Gaddafi to Stop the Creation of Gold-Backed Currency

> 15 FebruarySpy Schools: How the CIA, FBI and Foreign Intelligence Secretly Exploit America’s Universities

> 15 FebruaryWhat’s Really Going On, Plus Do We Know?

> 14 FebruaryUK Elites Push for New Laws to Lower Age of Consent to 12 Years Old

> 14 FebruaryFacebook Is Looking for Employees With National Security Clearances

> 13 FebruaryGermany Unleashes New ‘Ministry Of Truth’ (2)

> 13 FebruaryAgenda 21 – The Plan To Kill You

> 13 February16 Unanswered Questions About The Las Vegas Shooting That The Mainstream Media Doesn’t Want To Talk About

> 12 FebruaryEndgame: Disclosure and the Final Defeat of the Cabal (4)

> 12 FebruaryThe Sinister Agenda behind the Washington War on Cash

> 11 FebruaryThe Unholy Trinity of Globalist Control: The Vatican, the City of London and Washington D.C.

> 11 FebruaryCDC Knowingly Lied About Mercury in Vaccines: Proof Has Surfaced

> 11 FebruaryExposed: CIA – The Swamp Monsters (2)

> 10 February10 Signs of Our Global Awakening

> 10 FebruaryThe Media Is Now The Political Opposition

> 10 FebruaryAll Wars Are Bankers Wars! (1)

> 9 FebruaryFake News ‘Vaccine’ Could Stop Spread of False Information

> 8 FebruaryBREAKING: 9/11, Filling in the Map, Tracing the Nukes (2)

> 8 FebruaryOnline Privacy Took New Twist with Rule 41

> 8 FebruaryGermany Unleashes New ‘Ministry Of Truth’ (1)

> 7 FebruaryThe mysterious, unsuspected reasons that make possible the imminent defeat of the satanic elite of the so-called ILLUMINATI...

> 7 FebruaryNWO-Paradox: How the ‘Disbanded’ Crusader Templers Finally Became the Foundation of the Caliphate!

> 6 FebruaryEndgame: Disclosure and the Final Defeat of the Cabal (3)

> 6 FebruaryExposed: CIA – The Swamp Monsters (1)

> 6 February5G, The Elephant in Your Living Room