Skip to content

Flaw in a popular WhatsApp permits snooping

By Giedrius Majauskas

 

Loyal WhatsApp clients: gather around and read this article thoughtfully since we are going to explicitly explain the vulnerability which was detected in this application. Discovery of an error triggered a sensitive response from users that wondered whether their messages are not as private as they anticipated. Surely, it is impossible to welcome such news with a silent excitement. Right about now you must be thinking: what in the world are we talking about? Well, if you missed the big bombshell which was dropped last week, you should step out of your safe cocoon.

At first, we should clearly indicate the issue that forced millions of users to worry about their sent messages. The problematic aspects are mostly noticed in the process of message encryption. WhatsApp encodes conversations with public and secret keys. To make this process smoother, users do not have no worry about obtaining public keys since that is automatically done by the app. Security researchers are concerned whether WhatsApp cannot provide users with wrong keys that belong to someone beyond their circle of friends. If user of WhatsApp is offline, the application can produce new encryption keys for him/her. So, what could this mean? In short, this might just ruin the reputation that WhatsApp has built over the years: a safe messaging app, loaded with discretion. Before, a popular opinion about WhatsApp was that it does not read messages that are sent via it. However, this generation of new keys for offline users shows a possibility of them getting access to such material. If governmental facilities would inquire about a specific user, WhatsApp indeed can provide them with the transcripts of not single messages, but full conversations. This vulnerability transforms WhatsApp into not a highly-secured application. It has more than one billion users, tuning in to chat with their friends and share their daily burdens. The creators of WhatsApp defend their position by stating that people can set to be informed about changes in keys. They also addressed accusations for having an ability to send transcripts of conversations to government. WhatsApp was harsh on this subject: they would refuse to provide governments with such information.

Since monitoring of users has become a prevalent topic, people are worried whether they should continue on using WhatsApp. IT specialists doubt that the explained vulnerability could be used by random hackers since it would require effort and time. The thing to be concerned is whether governmental facilities won’t be allowed to eavesdrop on your conversations and make frightening conclusions. We know that WhatsApp explained not to carry out demands from government, but simply knowing that there is a chance for it gives us the creeps.

Source: theguardian.com, theguardian.com.

Leave a Reply

Your email address will not be published. Required fields are marked *