According to a cyber security researcher, WhatsApp’s encryption technique is hiding a dirty secret; one that enables the company to effectively spy on a user of their choosing.
In an interview with The Guardian, US cryptographer Tobias Boelter at the University of California claims Facebook can intercept and read the users’ texts on it’s instant message app. Boelter explains that WhatsApp’s end-to-end encryption works by generating unique security keys, which are traded and verified between two users, in order to ensure the conversation is secure. What he says isn’t widely known is that, when a message is undelivered, the app resends it with a new security key, effectively giving the company access to the conversation. In fact, both sender and recipient will be unaware if this happens until after the fact, and only if they have turned on the option for encryption warnings in the app.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Boelter told The Guardian. The news has greatly disturbed online privacy campaigners, who indicated to the paper that the possible back door is “a huge threat to freedom of speech”. All of this after WhatsApp made a huge deal about its all-new end-to-end encryption when it was introduced in April last year, pegging it as one of the USP’s of the app.