Cryptographer discovers ‘backdoor’ in WhatsApp

THE ASIAN AGE.
Published : Jan 18, 2017, 4:20 am IST
Updated : Jan 18, 2017, 6:36 am IST

The design decision referenced in the Guardian story prevents millions of messages from being lost.

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the Signal protocol, that are traded and verified between users to guarantee communications are secure.

Mumbai: WhatsApp’s claims of complete security for its one billion users have been exposed by Tobias Boelter, a cryptographer and security researcher at the University of California, Berkeley.

He told the Guardian newspaper over the weekend: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”

Both WhatsApp and Facebook denied this, saying: “WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.

“The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks.”

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman.

However, Mr Boelter discovered that WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

Explaining where the vulnerability lies, Ankush Johar, director, BugsBounty.com, said: “If I change my phone and put a new WhatsApp, at 10.1am and at 10am you had sent me a message which I didn’t get, WhatsApp generates the ability to give a new encryption so I get the message and when they assign it, it means there is vulnerability.

“So this design or signal does not mean that there is no backdoor. This affects the community that wants privacy.”

Mr Johar suggests that WhatsApp users should immediately turn ‘ON’ a setting and keep it on by default, so they know when the encryption key is changed. This would alert them that a new key has been generated.

To turn on this notification: Navigate to Settings in WhatsApp -> choose account -> choose security -> enable the “Show security notifications” option.
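
The sender-side behaviour Mr Boelter describes, and what the notification setting changes, can be seen in a toy Python model. This is an added illustration, not code from WhatsApp, Signal or the article; the `Sender` class, the key labels, the `auto_resend` flag and the variant that holds messages instead of resending them are assumptions, and no real cryptography is performed.

```python
# Toy model (added example): keys are opaque labels, nothing is really encrypted.
from dataclasses import dataclass, field

@dataclass
class Sender:
    recipient_key: str                 # key the sender currently trusts
    auto_resend: bool = True           # resend behaviour described in the article
    show_notifications: bool = False   # the "Show security notifications" setting
    pending: list = field(default_factory=list)  # sent, not yet marked delivered
    wire: list = field(default_factory=list)     # (key_label, text) put on the network
    alerts: list = field(default_factory=list)   # what the user actually sees

    def send(self, text):
        self.wire.append((self.recipient_key, text))
        self.pending.append(text)

    def mark_delivered(self, text):
        self.pending.remove(text)

    def on_key_change(self, new_key):
        """The server announces a new key for the offline recipient."""
        old_key, self.recipient_key = self.recipient_key, new_key
        if self.auto_resend:
            # Undelivered messages are re-encrypted to the new key without asking.
            for text in self.pending:
                self.wire.append((new_key, text))
        if self.show_notifications:
            self.alerts.append(f"security code changed: {old_key} -> {new_key}")

    def exposed_to(self, key):
        """Messages that were encrypted to `key` at any point."""
        return [t for k, t in self.wire if k == key]

def scenario(auto_resend, show_notifications):
    s = Sender("key-A", auto_resend, show_notifications)
    s.send("delivered earlier")
    s.mark_delivered("delivered earlier")
    s.send("sent at 10am, never delivered")  # constructed sample message
    s.on_key_change("key-B")                 # key-B was never verified by the sender
    return s.exposed_to("key-B"), s.alerts
```

In this model the undelivered message is encrypted to `key-B` whenever `auto_resend` is on, whether or not the notification is enabled; the setting only adds the alert the user sees.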

Tags: whatsapp, facebook, security