Security Experts Rebut The Guardian’s Report That Claimed WhatsApp Has a Backdoor

Security Experts Rebut The Guardian’s Report That Claimed WhatsApp Has a Backdoor

William Turton, writing for Gizmodo: This morning, the Guardian published a story with an alarming headline: “WhatsApp backdoor allows snooping on encrypted messages.” If true, this would have massive implications for the security and privacy of WhatsApp’s one-billion-plus users. Fortunately, there’s no backdoor in WhatsApp, and according to Alec Muffett, an experienced security researcher who spoke to Gizmodo, the Guardian’s story is a “major league fuckwittage.” […] Fredric Jacobs, who was the iOS developer at Open Whisper Systems, the collective that designed and maintains the Signal encryption protocol, and who most recently worked at Apple, said, “Nothing new. Of course, if you don’t verify keys Signal/WhatsApp/… can man-in-the-middle your communications.” “I characterize the threat posed by such reportage as being fear and uncertainty and doubt on an ‘anti-vaccination’ scale,” Muffett, who previously worked on Facebook’s engineering security infrastructure team, told Gizmodo. “It is not a bug, it is working as designed and someone is saying it’s a ‘flaw’ and pretending it is earth shattering when in fact it is ignorable.” The supposed “backdoor” the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone’s encrypted messages, something the company is extremely unlikely to do. “There’s a feature in WhatsApp that — when you swap phones, get a new phone, factory reset, whatever — when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone,” Muffett told Gizmodo. Other security experts and journalists have also criticized The Guardian’s story.

Read more of this story at Slashdot.

Security backdoor discovered in WhatsApp’s end-to-end encryption system

Security backdoor discovered in WhatsApp’s end-to-end encryption system

A security researcher has found a backdoor in the end-to-end encryption system used by the WhatsApp messaging service. The vulnerability would allow Facebook to read messages sent through the supposedly secure system, as well as making it possible for the company to comply with court orders to make messages available to governments and law enforcement.

While end-to-end encryption would normally mean that not even the company operating the service can decrypt messages, only the intended recipient, the specific implementation used in WhatsApp includes a major security hole …

more…

Filed under: Google Corporate