Facebook, the owner of WhatsApp, claims that it is impossible to intercept messages on WhatsApp thanks to the services end-to-end encryption. The company states that no one, not even itself, can read what is sent when both sender and recipient use the latest version of the application.
Since WhatsApp announced that it will be using end to end encryption, it has been used by a lot of activists, dissidents as well as people across different stratas of the society. WhatsApp uses the Signal protocol for implementing its end-to-end encryption. This protocol has been developed by Open Whisper Systems. In this security keys are exchanged between the users to guarantee that the communication is secure. This is to ensure that there can be no snooping, as you need to decrypt the message to read its contents. Till this point everything is fine.
But the report states that WhatsApp has the ability to force the generation of new encryption keys when users are offline. This is not known the to sender and the receiver of the message. The sender is then prodded on to resend the message using these new keys and send them again to the receiver for any messages that have not gone through, or you haven’t got any blue ticks, to indicate that the message has been delivered. The user does not have any advance warning or any chance to prevent sending such a message.
WhatsApp's end-to-end encryption ensures only you and the person you're communicating with can read what is sent, and nobody in between, not even WhatsApp. Your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read your message. For added protection, every message you send has a unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.
It turns out however that there is a way for WhatsApp to read user messages, as security researcher Tobias Boelter (via The Guardian) found out.
Steps how to enable security notifications in WhatsApp, do the following:
1. Open WhatsApp on the device you are using.
2. Tap on menu, and select Settings.
3. Select Account on the Settings page.
4. Select Security on the page that opens.
5. Enable "show security notifications" on the Security page.
You will receive notifications when a contact's security code has changed. While this won't prevent misuse of the backdoor, it will at least inform you about its potential use.
Since WhatsApp announced that it will be using end to end encryption, it has been used by a lot of activists, dissidents as well as people across different stratas of the society. WhatsApp uses the Signal protocol for implementing its end-to-end encryption. This protocol has been developed by Open Whisper Systems. In this security keys are exchanged between the users to guarantee that the communication is secure. This is to ensure that there can be no snooping, as you need to decrypt the message to read its contents. Till this point everything is fine.
But the report states that WhatsApp has the ability to force the generation of new encryption keys when users are offline. This is not known the to sender and the receiver of the message. The sender is then prodded on to resend the message using these new keys and send them again to the receiver for any messages that have not gone through, or you haven’t got any blue ticks, to indicate that the message has been delivered. The user does not have any advance warning or any chance to prevent sending such a message.
WhatsApp's end-to-end encryption ensures only you and the person you're communicating with can read what is sent, and nobody in between, not even WhatsApp. Your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read your message. For added protection, every message you send has a unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.
It turns out however that there is a way for WhatsApp to read user messages, as security researcher Tobias Boelter (via The Guardian) found out.
Steps how to enable security notifications in WhatsApp, do the following:
1. Open WhatsApp on the device you are using.
2. Tap on menu, and select Settings.
3. Select Account on the Settings page.
4. Select Security on the page that opens.
5. Enable "show security notifications" on the Security page.
You will receive notifications when a contact's security code has changed. While this won't prevent misuse of the backdoor, it will at least inform you about its potential use.
WhatsApp's End-to-End Encryption is Not Entirely Safe
Reviewed by Tech Ugly
on
Friday, January 13, 2017
Rating:
Reviewed by Tech Ugly
on
Friday, January 13, 2017
Rating:
No comments: