Election Commission appoints 15 expenditure observers in Punjab
New York: WhatsApp has denied the reports that encrypted messages on its platform can be read or intercepted, saying it has a design decision relating to message delivery, with new keys being generated for offline users in order to ensure messages do not get lost in transit.
The Guardian reported on Friday that a security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service.
“The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a ‘backdoor’ allowing governments to force WhatsApp to decrypt message streams. This claim is false,” said a company spokesperson in a statement sent to TechCrunch.
WhatsApp said that it does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor.
“The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks,” the statement added.
WhatsApp has published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.
The security issue was detected by Tobias Boelter, a cryptography and security researcher and reported by the Guardian.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Boelter was quoted as saying.
However, many security commentators have said that the vulnerability being claimed to be discovered is nothing new “but rather a rehashing of the long-standing issue of how key verification is implemented within an encrypted system.”
“If someone would demand WhatsApp to implement a backdoor, you might expect them to implement something more obvious. Like responding with the history of all conversations when triggered to so do with a certain secret message. Furthermore, this flaw can be explained as a programming bug,” Boelter was quoted as saying.
He said that Facebook did not fix the flaw since he reported it to them in April 2016.
“So maybe it was a bug first, but when discovered it got started being used as a backdoor,” he added.
In response, WhatsApp has published a technical white paper explaining its implementation of end-to-end encryption.
“The Guardian’s story on an alleged ‘backdoor’ in WhatsApp is false. WhatsApp does not give governments a ‘backdoor’ into its systems. WhatsApp would fight any government request to create a backdoor,” said Brian Acton, Co-founder WhatsApp, in a Reddit post.
The security issue was detected by Tobias Boelter, a cryptography and security researcher.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” The Guardian quoted Boelter as saying.
WhatsApp said it was designed to be simple and they had built end-to-end encryption, with encryption as the default so that not a single one of their one billion users has to turn on encryption.
“The fact that WhatsApp handles key changes is not a ‘backdoor’, it is how cryptography works. Any attempt to intercept messages in transmit by the server is detectable by the sender, just like with signal, PGP, or any other end-to-end encrypted communication system,” said Moxie Marlinspike, who designed WhatsApp’s encryption, in a blog.
WhatsApp has published a technical white paper explaining its implementation of end-to-end encryption.
